[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Perl's exec

This is a fragment of dhelp's dsearch CGI script:

# Pass parameters to Swish++ search program
open (SEARCH, '-|')
	or exec '/usr/bin/search++', '-i', '/var/lib/dhelp/swish++.index', "$search";

>From the Perl documentation it should be safe to pass "unsafe" characters
in $search (perldoc -f exec).

I would like to read your opinion before allowing such things like *
in $search.

Think of it !

For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: