Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Submission + - Apple libc insecure handling of word expansion (github.com)

bobo the hobo writes: It appears that Apple's libc's shell word expansion routine shells out to Perl in a highly questionable fashion.

/* XXX this is _not_ designed to be fast */
/* wordexp is also rife with security "challenges", unless you pass it
WRDE_NOCMD it *must* support subshell expansion, and even if you
don't beause it has to support so much of the standard shell (all
the odd little variable expansion options for example) it is hard
to do without a subshell). It is probbably just plan a Bad Idea
to call in anything setuid, or executing remotely. */


Slashdot Top Deals

ASCII a stupid question, you get an EBCDIC answer.

Working...