From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <chris@the-brannons.com>
Received: from localhost (75-164-214-250.ptld.qwest.net [75.164.214.250])
 by hurricane.the-brannons.com (Postfix) with ESMTPSA id 5B6887890F
 for <edbrowse-dev@lists.the-brannons.com>;
 Fri, 13 Feb 2015 16:47:44 -0800 (PST)
From: Chris Brannon <chris@the-brannons.com>
To: edbrowse-dev@lists.the-brannons.com
Date: Fri, 13 Feb 2015 16:47:27 -0800
Message-ID: <87bnkxmi8w.fsf@mushroom.localdomain>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Subject: [Edbrowse-dev] wordexp
X-BeenThere: edbrowse-dev@lists.the-brannons.com
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Edbrowse Development List <edbrowse-dev.lists.the-brannons.com>
List-Unsubscribe: <http://lists.the-brannons.com/mailman/options/edbrowse-dev>, 
 <mailto:edbrowse-dev-request@lists.the-brannons.com?subject=unsubscribe>
List-Archive: <http://lists.the-brannons.com/mailman/private/edbrowse-dev/>
List-Post: <mailto:edbrowse-dev@lists.the-brannons.com>
List-Help: <mailto:edbrowse-dev-request@lists.the-brannons.com?subject=help>
List-Subscribe: <http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev>, 
 <mailto:edbrowse-dev-request@lists.the-brannons.com?subject=subscribe>
X-List-Received-Date: Sat, 14 Feb 2015 00:47:44 -0000

I recently learned that the wordexp function may have security issues on
some operating systems.
http://www.openwall.com/lists/oss-security/2015/02/11/3

So my question is this.  Are we passing any untrusted input to wordexp?
Or does it just expand filenames obtained from the user at the keyboard?

-- Chris