Follow Slashdot stories on Twitter


Forgot your password?

Submission + - Apple libc insecure handling of word expansion (

bobo the hobo writes: It appears that Apple's libc's shell word expansion routine shells out to Perl in a highly questionable fashion.

/* XXX this is _not_ designed to be fast */
/* wordexp is also rife with security "challenges", unless you pass it
WRDE_NOCMD it *must* support subshell expansion, and even if you
don't beause it has to support so much of the standard shell (all
the odd little variable expansion options for example) it is hard
to do without a subshell). It is probbably just plan a Bad Idea
to call in anything setuid, or executing remotely. */

A freelance is one who gets paid by the word -- per piece or perhaps. -- Robert Benchley