good point. fair enough, i'm convinced... fixed by adding "--" to system() and popen() in bionic, with corresponding new tests: https://android-review.googlesource.com/c/platform/bionic/+/1881791
On Fri, Oct 22, 2021 at 1:38 AM Geoff Clare <[email protected]> wrote:

> Rob Landley wrote, on 22 Oct 2021:
> >
> > On 10/21/21 6:38 PM, enh wrote:
> >
> > > it's unclear whether anyone's actually hit this in practice? and even if they
> > > had, their portable workaround would be to prefix with "exec "?
> > >
> > > maybe try [email protected] and see if there's any consensus that
> > > this is worth the potential trouble? i'm worried that someone is
> > > _deliberately_ using this to pass extra flags to the shell, which wouldn't
> > > have a workaround if we did make this change :-(
>
> It's not possible to pass "extra" flags when the "--" is not there,
> because system() only passes one argument after the "-c" to sh.
> So you can pass flags _instead_of_ a command string, but not _extra_
> flags. Doing this will just get you an error message from sh about
> the command string argument being missing (except on a system where sh
> accepts -c with no command string as an extension, but I doubt any
> such system exists).
>
> > Pinging you and Rich was my attempt at that, but if there's a dedicated list...
>
> Note that I removed the libc-coord list from the Cc.
>
> --
> Geoff Clare <[email protected]>
> The Open Group, Apex Plaza, Forbury Road, Reading, RG1 1AX, England
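The difference discussed in this thread, as an added example that is not part of the original messages and is not bionic's code: a system()-style wrapper that runs `sh -c` with and without the `--` separator. The helper name `run_sh`, the `/bin/sh` path and the sample command string `-e` are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run `sh -c [--] cmd` as a system()-style wrapper
 * would, and return the shell's exit status (-1 if it could not be run). */
int run_sh(const char *cmd, int use_dashdash)
{
    const char *argv[5];
    int n = 0;
    argv[n++] = "sh";
    argv[n++] = "-c";
    if (use_dashdash)
        argv[n++] = "--";   /* end of options: cmd is always the command string */
    argv[n++] = cmd;        /* the single argument system() passes after -c */
    argv[n] = NULL;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: discard the shell's diagnostics, then exec the shell. */
        int fd = open("/dev/null", O_WRONLY);
        if (fd >= 0) { dup2(fd, STDERR_FILENO); close(fd); }
        execv("/bin/sh", (char *const *)argv);   /* assumed shell path */
        _exit(126);                              /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    const char *cmd = "-e";  /* constructed sample: command string starting with '-' */
    /* Without "--", sh parses "-e" as an option and finds no command string. */
    printf("sh -c %s      -> exit %d\n", cmd, run_sh(cmd, 0));
    /* With "--", sh treats "-e" as the command string and looks for that command. */
    printf("sh -c -- %s   -> exit %d\n", cmd, run_sh(cmd, 1));
    return 0;
}
```

With `--`, the shell reports the command `-e` as not found (status 127); without it, the shell fails earlier with its own usage error because no command string is left after option parsing.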
