[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
|
From: |
Alex Lyons A32/373-Winfrith Tel2368 FAX2508 |
|
Subject: |
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd) |
|
Date: |
Wed, 25 Jun 97 12:31:36 BST |
> > system("/bin/cp file1;/bin/sh; file2") :(
> > system("exec /bin/cp file1;/bin/sh; file2") :)
> I believe that the discussion of 'exec' was referring to the family of
> system calls (execl, execlp, etc), which require the application to parse
> the command line into the argv array by itself.
I know. That's why I'm suggesting putting "exec" in front of the command
string passed to system, as a less-hassle alternative: the shell does the
parsing, but then gets replaced by the first command before it can cause
any mischief.
Alex.
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), (continued)
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Scott McGee (Personal), 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Foteos Macrides, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Robert Bonomi, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), H E Nelson, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Jan Hlavacek, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), H E Nelson, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Foteos Macrides, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Alex Lyons A32/373-Winfrith Tel2368 FAX2508, 1997/06/25
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd),
Alex Lyons A32/373-Winfrith Tel2368 FAX2508 <=
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Bela Lubkin, 1997/06/26
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Foteos Macrides, 1997/06/27