[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: first patch to security problem

To: xchat-discuss@nl.linux.org
Subject: Re: first patch to security problem
From: Peter <zed@linuxpower.org>
Date: Sat, 26 Aug 2000 17:36:59 +1000 (EST)
In-Reply-To: <20000826031017.A12391@photek.dhs.org>
List: xchat-discuss
Reply-To: xchat-discuss@nl.linux.org
Sender: owner-xchat-discuss@nl.linux.org



On Sat, 26 Aug 2000, Decklin Foster wrote:

> > to  :      !netscape -remote 'openURL('%s')'
> 
> You can't be serious...
> 
> > +/* escapes \ $ ` ' " & | ; */
> 
> You forgot some metacharacters here, which is why this is a dangerous
> solution.

Like ?


> If I make a patch tomorrow to call execvp directly will you consider
> it?

Sure, but it's painfull. You'll have to worry about a argv[] array, and
$PATH.

-- 
Peter. <zed@linuxpower.org>

-
XChat-discuss: mailing list for XChat users
Archive:       http://mail.nl.linux.org/lists/
Posted By:     Peter <zed@linuxpower.org>

Follow-Ups:
- Re: first patch to security problem
  - From: Adam Langley <agl@linuxpower.org>
- Re: first patch to security problem
  - From: Decklin Foster <decklin@red-bean.com>

References:
- Re: first patch to security problem
  - From: Decklin Foster <decklin@red-bean.com>

Prev by Date: Re: first patch to security problem
Next by Date: Re: first patch to security problem
Prev by thread: Re: first patch to security problem
Next by thread: Re: first patch to security problem
Index(es):
- Date
- Thread