From owner-cvs-all  Thu Jan  4  7:10:12 2001
From owner-cvs-all@FreeBSD.ORG  Thu Jan  4 07:10:10 2001
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id 26DDC37B400; Thu,  4 Jan 2001 07:10:05 -0800 (PST)
Received: from grondar.za (root@gratis.grondar.za [196.7.18.133])
	by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id f04F9kY06526;
	Thu, 4 Jan 2001 17:09:47 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <200101041509.f04F9kY06526@gratis.grondar.za>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: Paul Richards <paul@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/pkg_install/update pkg_update.pl 
References: <xzp8zorla59.fsf@flood.ping.uio.no> 
In-Reply-To: <xzp8zorla59.fsf@flood.ping.uio.no> ; from Dag-Erling Smorgrav <des@ofug.org>  "04 Jan 2001 14:28:02 +0100."
Date: Thu, 04 Jan 2001 17:09:43 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> >   $file not be what you expect, particularly should $file turn out to be
> >   "+REQUIRES" since ">+" is a valid open mode.
> 
> This would not be a problem if you used sysopen() instead of open().

Even better - properly sanitise $file using taint-like checking.

M
-- 
Mark Murray
Warning: this .sig is umop ap!sdn


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message