From: Aidan Skinner (aidan@skinner.demon.co.uk)
Date: Sat Sep 25 1999 - 15:16:22 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 11 Sep 1999, Damon Chaplin wrote:
> How about we allow an arbitrary command but with no arguments?
> We run it with fork and execvp rather than system, and all we pass it is the
> XML filename. Is that safe? (I know very little about security.)
No. All that will happen is that the command run will be another script
with the malicious code in it.
- - Aidan
- --
"Rotary barrel death stars: for when you absoloutely, positively, have
to obliterate every planet in the system"
http://www.skinner.demon.co.uk/aidan/
http://www.gla.ac.uk/Clubs/WebSoc/~9704075s/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.10 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE37R+JWyka/GZM+OgRAjZuAKClLZued61UR4KnC7PAfwIK2tfV0wCfYhz0
2aQyhBAfr1IPBtUhCdhuMzo=
=P7xD
-----END PGP SIGNATURE-----
+---------------------------------------------------------------------+
To unsubscribe from this list, send a message to majordomo@ncis.pn.org
with the line "unsubscribe glade-devel" in the body of the message.
This archive was generated by hypermail 2b29 : Tue Aug 01 2000 - 19:23:18 EDT