Perl's exec
This is a fragment of dhelp's dsearch CGI script:
    # Pass parameters to Swish++ search program
    open (SEARCH, '-|')
        or exec '/usr/bin/search++', '-i', '/var/lib/dhelp/swish++.index', "$search";
From the Perl documentation it should be safe to pass "unsafe" characters
in $search (perldoc -f exec).
I would like to read your opinion before allowing things like *
in $search.
Ciao
Racke
--
Think of it !
For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)
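
Added example (not part of the original message and not dhelp's code): the same fork-open plus list-form exec idiom, run against a stand-in program that prints the arguments it receives, to show that shell metacharacters arrive as literal text. The helpers run_list and safe_query, the sample queries, and the idea that the search program could read a leading "-" as an option are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fork-open idiom as in the fragment above: the child execs the command and
# the parent reads its stdout. With the list form, exec passes each element
# to execvp() as one argv entry. No shell is started, so characters such as
# * ; | ` $ are never expanded or interpreted.
sub run_list {
    my @cmd = @_;
    my $pid = open(my $out, '-|');
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Indirect-object form: stays a list exec even with a single element.
        exec { $cmd[0] } @cmd or die "exec failed: $!";
    }
    local $/;                      # slurp all of the child's output
    my $text = <$out>;
    close $out;
    return $text;
}

# Hypothetical guard (assumption): avoiding the shell does not stop the
# target program from parsing its own arguments, so refuse a query that
# could be taken for an option, and refuse control characters.
sub safe_query {
    my ($q) = @_;
    return unless defined $q && length $q && length $q <= 256;
    return if $q =~ /^\s*-/;       # might be read as a command-line option
    return if $q =~ /[\0\r\n]/;
    return $q;
}

# Stand-in for /usr/bin/search++: this perl, printing each argument it got.
my @echo = ($^X, '-e', 'print "[$_]\n" for @ARGV', '--');

# Constructed sample queries.
for my $search ('*', 'foo; id', '`id`', '$HOME', '-foo') {
    my $q = safe_query($search);
    if (!defined $q) {
        print "rejected: $search\n";
        next;
    }
    print run_list(@echo, $q);     # each query comes back bracketed, unchanged
}
```

The first four queries are echoed back verbatim inside brackets; only the one starting with "-" is rejected, and that rejection comes from the guard, not from exec.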