Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: 8-bit patch for zle_tricky.c

X-seq: zsh-workers 1107
From: Zefram <A.Main@xxxxxxxxxxxxxxxxx>
To: hniksic@xxxxxxxxxxxxxx
Subject: Re: 8-bit patch for zle_tricky.c
Date: Mon, 20 May 1996 23:55:09 +0100 (BST)
Cc: A.Main@xxxxxxxxxxxxxxxxx, hzoli@xxxxxxxxxx, schaefer@xxxxxxx, zsh-workers@xxxxxxxxxxxxxxx
In-reply-to: <199605202243.AAA17633@xxxxxxxxxxxxx> from "Hrvoje Niksic" at May 21, 96 00:43:29 am

>As far as I understand, the other problem is with setuid programs calling
>other programs with system(), like:
>system("/bin/date");
>to output date. If the IFS contains '/', someone might have a program named
>bin in their path, and then...

There's a simple solution to that.  Set IFS before using system.  IMO,
setuid programs shouldn't be using system(3), but it is possible to do
it safely.

-zefram

Follow-Ups:
- Re: 8-bit patch for zle_tricky.c
  - From: Hrvoje Niksic

References:
- Re: 8-bit patch for zle_tricky.c
  - From: Hrvoje Niksic

Messages sorted by: Reverse Date, Date, Thread, Author