[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.1.17 having issue with ExecResult() using pipelines

From: Mark Burgess
Subject: Re: 2.1.17 having issue with ExecResult() using pipelines
Date: Fri, 11 Nov 2005 22:17:33 +0100

To have pipes you have to have a shell. But the price for having a shell
is a less certain environment for execution, in which shell environment
attacks can be used etc. That is also why the "useshell" option exists
for shellcommands. In general I try to have default behaviour as secure
as possible.


On Fri, 2005-11-11 at 15:13 -0600, Paul Krizak wrote:
> What was preventing the pipes from working in ExecResult?  I'm a bit 
> concerned that it was reportedly working in 2.1.15 (which is the version 
> we're on now), and apparently broken in 2.1.16-17...and then fixed with 
> a *new* command in 2.1.18cvs?
> I'm not sure how running
> ExecResult(/bin/sh -c ${dblquote}/bin/cat /proc/cpuinfo | grep 
> Processor${dblquote})
> Is any different than
> ExecShellresult(/bin/cat /proc/cpuinfo | grep Processor)
> ...or am I missing something?

This is just a convenience so you don't have to use the /bin/sh


reply via email to

[Prev in Thread] Current Thread [Next in Thread]