2009/327 [system_noshell]
Sumanth Naropanth
Sumanth.Naropanth at sun.com
Fri May 29 15:54:37 PDT 2009
Roland Mainz wrote on 05/29/09 15:39:
>> If we're going to *parse* commands using spaces or what not, I vote
>> no, right now!
>
> I agree with Casper... we had that kind of proposal with |exec_system()|
> a while ago (AFAIK in security-discuss at opensolaris.org) and that
> proposal was "eaten&&trampled alive" (there should be always an option
> to pass _any_ content (except '\0') via arguments and environment
> variables and using a whitespace character for argument splitting
> violates that).
>
Yes, we did have that discussion with exec_system(). Going by the
popular vote at that time from the folks on [security-discuss], I
revised it to provide the two extended interfaces (_x and _xv) in
addition to the simpler system_noshell() function. If the arguments
contain any special characters like quotes (or anything for that
matter), the extended interfaces should be used.
-Sumanth
More information about the opensolaris-arc
mailing list