[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: first patch to security problem

To: xchat-discuss@nl.linux.org
Subject: Re: first patch to security problem
From: Adam Langley <agl@linuxpower.org>
Date: Sat, 26 Aug 2000 17:55:12 +0100
In-Reply-To: <Pine.LNX.4.10.10008261735220.1481-100000@cel1.localdomain>; from zed@linuxpower.org on Sat, Aug 26, 2000 at 05:36:59PM +1000
List: xchat-discuss
Mail-Followup-To: xchat-discuss@nl.linux.org
References: <20000826031017.A12391@photek.dhs.org> <Pine.LNX.4.10.10008261735220.1481-100000@cel1.localdomain>
Reply-To: xchat-discuss@nl.linux.org
Sender: owner-xchat-discuss@nl.linux.org
User-Agent: Mutt/1.0.1i

On Sat, Aug 26, 2000 at 05:36:59PM +1000, Peter wrote:
> > If I make a patch tomorrow to call execvp directly will you consider
> > it?
> 
> Sure, but it's painfull. You'll have to worry about a argv[] array, and
> $PATH.
> 

This is the only valid way to do it. Shells *are not* ever secure in network
apps. And you should look at the manpage for execvp because it searches the
path for you if the strchr(command, '\') == NULL.

AGL

-- 
When will people realise that we don't care for their damm stupid laws? We can handle ourselves, thank you very much.

PGP signature

References:
- Re: first patch to security problem
  - From: Decklin Foster <decklin@red-bean.com>
- Re: first patch to security problem
  - From: Peter <zed@linuxpower.org>
- Re: first patch to security problem
  - From: Peter <zed@linuxpower.org>

Prev by Date: Re: first patch to security problem
Next by Date: Re: first patch to security problem
Prev by thread: Re: first patch to security problem
Next by thread: Re: first patch to security problem
Index(es):
- Date
- Thread