system() & user input

There are some places in biultin editor, where systen() is called with
unchecked user input.

For example pipe_mail(), edit_sort_cmd() and edit_block_process_cmd() in edit/editcmd.c, but user input is not checked. It will be nice to use mc_doubleopen() there to prevent possible security and data loss issue there.

Andrew V. Samoilov.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]