|
From: | Shigio YAMAGUCHI |
Subject: | Re: A CGI security hole on Windows? |
Date: | Sat, 12 Mar 2016 21:27:54 +0900 |
> Doesn't the following code have a security hole on Windows?
"-|" is not supported on Windows and I believe exec will go
through the shell anyway (Windows always has a single command
line string, never individual arguments). (This change was
originally submitted 2014-01-22.)
--
Jason.
[Prev in Thread] | Current Thread | [Next in Thread] |