Re: system() & user input



On Fri, 6 Sep 2002, Andrew V. Samoilov wrote:

> There are some places in builtin editor, where system() is called with
> unchecked user input.
> 
> For example pipe_mail(), edit_sort_cmd() and edit_block_process_cmd() in 
> edit/editcmd.c, but user input is not checked. It will be nice to use 
> mc_doubleopen() there to prevent possible security and data loss issue 
> there.

Do you refer to mc_doublepopen ()? If this is the case - what possible 
problems would it solve? Btw mc_doublepopen () is a pretty expensive 
operation (2 forks) and should be replaced by some other mechanism.

I was going to take a look at this but right now I have some important 
task before I can go back to MC.

Pavel Tsekov
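
Added example, not part of the original message and not MC code: a shell-based call of the kind system() makes, next to a single-fork fork()/execvp() call that passes user input as one argv element with no shell involved. The helper names `slurp`, `run_shell` and `run_argv` and the sample input are constructed for illustration; `echo` is assumed to be on PATH.

```c
/* Added example; helper names and sample input are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read from fd into out (NUL-terminated, truncated to outlen - 1 bytes). */
static void slurp(int fd, char *out, size_t outlen)
{
    size_t used = 0;
    ssize_t n;
    while (used + 1 < outlen && (n = read(fd, out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
}

/* Shell form: like system(), popen() hands the whole string to the shell,
   so metacharacters inside user input are interpreted, not passed through. */
int run_shell(const char *cmdline, char *out, size_t outlen)
{
    FILE *p = popen(cmdline, "r");
    if (p == NULL) return -1;
    slurp(fileno(p), out, outlen);
    return pclose(p);
}

/* No-shell form: one fork, one execvp; every argv element reaches the
   program verbatim, whatever characters it contains. */
int run_argv(char *const argv[], char *out, size_t outlen)
{
    int fds[2], status;
    pid_t pid;
    if (pipe(fds) < 0) return -1;
    pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    slurp(fds[0], out, outlen);
    close(fds[0]);                        /* unblocks a child still writing */
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}
```

Both functions return the child's wait status (0 on a clean exit) or -1 on failure; given the constructed input `note; echo INJECTED`, the shell form runs two commands while the argv form prints the string literally.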



