From owner-cvs-all Thu Jan 4 7:10:12 2001 From owner-cvs-all@FreeBSD.ORG Thu Jan 4 07:10:10 2001 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 26DDC37B400; Thu, 4 Jan 2001 07:10:05 -0800 (PST) Received: from grondar.za (root@gratis.grondar.za [196.7.18.133]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id f04F9kY06526; Thu, 4 Jan 2001 17:09:47 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200101041509.f04F9kY06526@gratis.grondar.za> To: Dag-Erling Smorgrav Cc: Paul Richards , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/pkg_install/update pkg_update.pl References: In-Reply-To: ; from Dag-Erling Smorgrav "04 Jan 2001 14:28:02 +0100." Date: Thu, 04 Jan 2001 17:09:43 +0200 From: Mark Murray Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > $file not be what you expect, particularly should $file turn out to be > > "+REQUIRES" since ">+" is a valid open mode. > > This would not be a problem if you used sysopen() instead of open(). Even better - properly sanitise $file using taint-like checking. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message