From: Hrvoje.Niksic@public.srce.hr (Hrvoje Niksic)
Message-Id: <199605202308.BAA20042@jagor.srce.hr>
Subject: Re: 8-bit patch for zle_tricky.c
To: A.Main@dcs.warwick.ac.uk (Zefram)
Date: Tue, 21 May 1996 01:08:12 +0200 (MET DST)
Cc: hniksic@public.srce.hr, A.Main@dcs.warwick.ac.uk, hzoli@cs.elte.hu, schaefer@nbn.com, zsh-workers@math.gatech.edu
In-Reply-To: <5723.199605202255@stone.dcs.warwick.ac.uk> from Zefram at "May 20, 96 11:55:09 pm"
Reply-To: hniksic@public.srce.hr

In your mail, you said:
[...]
> There's a simple solution to that. Set IFS before using system. IMO,
> setuid programs shouldn't be using system(3), but it is possible to do
> it safely.

Of course. But the point I was trying to make is that not only setuid
scripts, but also setuid C programs calling system (and thus
unintentionally invoking sh) can represent security problems. Which is
why IFS is used the way it is in bash/ksh.

-- 
hniksic@srce.hr       | Student of electrical engineering
hniksic@fly.cc.fer.hr | University of Zagreb, Croatia
------------------------------------------------------------------
`VI' - An editor used by those heretics that don't subscribe to
       the Emacs religion.
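As an added illustration that is not part of the original message or of zsh: one way for a privileged C program to run a helper without system(3), so that no command string is parsed by sh and no IFS, PATH or other variable is inherited from the invoking user. The names `run_clean` and `clean_env` and the PATH value are assumptions made for this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the child. Nothing is inherited from the
 * caller, so IFS, PATH, ENV and similar variables cannot be chosen by the
 * invoking user. The values are assumptions for a typical Unix system. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Run an absolute path with an explicit argument vector instead of a shell
 * command string. Returns the child's exit status, or -1 on failure. */
int run_clean(const char *path, char *const argv[])
{
    int status;
    pid_t pid;

    if (path == NULL || path[0] != '/')
        return -1;                      /* refuse any PATH lookup */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, clean_env);  /* replaces the whole environment */
        _exit(127);                     /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "sh", "-c",
                           "[ \"$PATH\" = /usr/bin:/bin ]", NULL };
    /* Constructed caller environment, as an invoking user might set it. */
    setenv("IFS", "/", 1);
    setenv("PATH", "/tmp/untrusted", 1);
    printf("child saw the fixed PATH: %s\n",
           run_clean("/bin/sh", argv) == 0 ? "yes" : "no");
    return 0;
}
```

The shell appears in `main` only as a convenient way to inspect the child's environment; a real helper would be executed directly by its absolute path.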