[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)

From: Alex Lyons A32/373-Winfrith Tel2368 FAX2508
Subject: Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
Date: Wed, 25 Jun 97 12:31:36 BST

> >     system("/bin/cp file1;/bin/sh; file2")       :(
> >     system("exec /bin/cp file1;/bin/sh; file2")  :)
> I believe that the discussion of 'exec' was referring to the family of
> system calls (execl, execlp, etc), which require the application to parse
> the command line into the argv array by itself.

I know.  That's why I'm suggesting putting "exec" in front of the command
string passed to system, as a less-hassle alternative: the shell does the
parsing, but then gets replaced by the first command before it can cause
any mischief.

; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]