Re: Perl's exec
On Thu, May 02, 2002 at 03:03:54PM +0200, Stefan Hornburg (Racke) wrote:
> # Pass parameters to Swish++ search program
> open (SEARCH, '-|')
> or exec '/usr/bin/search++', '-i', '/var/lib/dhelp/swish++.index', "$search";
>
> >From the Perl documentation it should be safe to pass "unsafe" characters
> in $search (perldoc -f exec).
>
> I would like to read your opinion before allowing such things like *
> in $search.
Yes, this is safe from the shell. As long as search++ does not
interpret any characters in a dangeous way, it looks safe.
Andrew
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to:
- References:
- Perl's exec
- From: racke@linuxia.de (Stefan Hornburg Racke)