[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Perl's exec



On Thu, May 02, 2002 at 03:03:54PM +0200, Stefan Hornburg (Racke) wrote:
> # Pass parameters to Swish++ search program
> open (SEARCH, '-|')
> 	or exec '/usr/bin/search++', '-i', '/var/lib/dhelp/swish++.index', "$search";
> 
> >From the Perl documentation it should be safe to pass "unsafe" characters
> in $search (perldoc -f exec).
> 
> I would like to read your opinion before allowing such things like *
> in $search.

Yes, this is safe from the shell.  As long as search++ does not
interpret any characters in a dangeous way, it looks safe.

Andrew


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: