Re: system() & user input

On Fri, 6 Sep 2002, Andrew V. Samoilov wrote:

> There are some places in biultin editor, where systen() is called with
> unchecked user input.
> For example pipe_mail(), edit_sort_cmd() and edit_block_process_cmd() in 
> edit/editcmd.c, but user input is not checked. It will be nice to use 
> mc_doubleopen() there to prevent possible security and data loss issue 
> there.

Do you refer to mc_doublepopen () ? If this is the case - what possible 
problems would it solve ? Btw mc_doublepopen () is a pretty expensive 
operation (2 forks) and should be replaced by some other mechanism.

I was going to take a look at this but right now I have some important 
task before I can go back to MC.

Pavel Tsekov

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]