Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Submission + - Apple libc insecure handling of word expansion (github.com)

bobo the hobo writes: It appears that Apple's libc's shell word expansion routine shells out to Perl in a highly questionable fashion.

/* XXX this is _not_ designed to be fast */
/* wordexp is also rife with security "challenges", unless you pass it
WRDE_NOCMD it *must* support subshell expansion, and even if you
don't beause it has to support so much of the standard shell (all
the odd little variable expansion options for example) it is hard
to do without a subshell). It is probbably just plan a Bad Idea
to call in anything setuid, or executing remotely. */


Slashdot Top Deals

The biggest difference between time and space is that you can't reuse time. -- Merrick Furst

Working...