Date: Fri, 25 Jan 2002 18:30:03 -0800 (PST) From: hsaka@mth.biglobe.ne.jp (Hironori Sakamoto) To: freebsd-bugs@FreeBSD.org Subject: Re: misc/34270: man -k could be used to execute any command. Message-ID: <200201260230.g0Q2U3s97703@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/34270; it has been noted by GNATS. From: hsaka@mth.biglobe.ne.jp (Hironori Sakamoto) To: keramida@freebsd.org Cc: bug-followup@freebsd.org, hsaka@mth.biglobe.ne.jp Subject: Re: misc/34270: man -k could be used to execute any command. Date: Sat, 26 Jan 2002 11:20:50 +0900 (JST) Hello, > From: Giorgos Keramidas <keramida@freebsd.org> > I changed the quotes used by system() to quote the command to double > quotes, and escape all double quotes in the shell command executed by > system() with a backslash. At least, '$', '`' and '\' should be quoted. I propose that all symbols and spaces (at lease, speical characters of /bin/sh) are quoted with '\' and the shell command is executed by system() without single/double quotes. Thank you, ------------------------------------------- Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> http://www2u.biglobe.ne.jp/~hsaka/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201260230.g0Q2U3s97703>