[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Why does groff require psutils?
From: |
Ingo Schwarze |
Subject: |
Re: Why does groff require psutils? |
Date: |
Sun, 26 Nov 2023 15:34:10 +0100 |
Hi,
not related to the "psutils" questions, but this almost made my
eyes fall out.
Alexis wrote on Sun, Nov 26, 2023 at 12:28:25PM +0100:
> Would replacing the following in src/preproc/html/pre-html.cpp
> s = make_string("psselect -q -p%d %s %s\n",
> pageno, psFileName, psPageName);
WHOA.
What kind of crappy code is that?
It's really "C Programming 101" that you must *never* do anything
like that. Obviously, execve(2) or a similar library function
that does not suffer from shell argument splitting and shell
metacharacter issues must be used here. If we want to continue
shipping preproc/html, i think this definitely needs to be fixed.
I mean, for all i know, there are people running "groff -T html"
on public web servers to serve manual pages to the general public
via public CGI interfaces...
Yours,
Ingo