> A urlCommand like the default "netscape -remote 'openURL(%s)'"
> is OK since the %s is protected by single quotes.
How so? Consider an argument of
'`rm -rf /tmp/test`'
This expands to
netscape -remote 'openURL('`rm -rf /tmp/test`')'
where the single quotes have no effect.
A proper fix would be not to invoke shell at all, but simply fork and
exec.
--
Stanislav Shalunov http://www.internet2.edu/~shalunov/
"The power of accurate observation is commonly called cynicism by
those who have not got it." -- G. B. Shaw
> A urlCommand like the default "netscape -remote 'openURL(%s)'"
> is OK since the %s is protected by single quotes.
How so? Consider an argument of
'`rm -rf /tmp/test`'
This expands to
netscape -remote 'openURL('`rm -rf /tmp/test`')'
where the single quotes have no effect.
A proper fix would be not to invoke shell at all, but simply fork and
exec.
--
Stanislav Shalunov http://www.internet2.edu/~shalunov/
"The power of accurate observation is commonly called cynicism by
those who have not got it." -- G. B. Shaw
[ reply ]