[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: first patch to security problem

To: xchat-discuss@nl.linux.org
Subject: Re: first patch to security problem
From: Decklin Foster <decklin@red-bean.com>
Date: Sat, 26 Aug 2000 03:10:17 -0400
In-Reply-To: <Pine.LNX.4.10.10008261359290.1108-200000@cel1.localdomain>; from zed@linuxpower.org on Sat, Aug 26, 2000 at 02:05:11PM +1000
List: xchat-discuss
Organization: Imperial Mica Board
References: <Pine.LNX.4.10.10008261359290.1108-200000@cel1.localdomain>
Reply-To: xchat-discuss@nl.linux.org
Sender: owner-xchat-discuss@nl.linux.org
User-Agent: Mutt/1.2.5i

Peter writes:

> to  :      !netscape -remote 'openURL('%s')'

You can't be serious...

> +/* escapes \ $ ` ' " & | ; */

You forgot some metacharacters here, which is why this is a dangerous
solution.

If I make a patch tomorrow to call execvp directly will you consider
it?

-- 
There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There
are no ABSOLUTE STATEMENTS. I'm very probably wrong. -- BSD fortune(6)
-
XChat-discuss: mailing list for XChat users
Archive:       http://mail.nl.linux.org/lists/
Posted By:     Decklin Foster <decklin@red-bean.com>

Follow-Ups:
- Re: first patch to security problem
  - From: Peter <zed@linuxpower.org>
- Re: first patch to security problem
  - From: Peter <zed@linuxpower.org>

References:
- first patch to security problem
  - From: Peter <zed@linuxpower.org>
- first patch to security problem
  - From: Peter <zed@linuxpower.org>

Prev by Date: first patch to security problem
Next by Date: Re: first patch to security problem
Prev by thread: first patch to security problem
Next by thread: Re: first patch to security problem
Index(es):
- Date
- Thread