On Sat, Oct 27, 2012 at 7:00 PM, Ben Boeckel <[email protected]> wrote: > Single quote the arguments to the executable. This is ripe for code > execution (remote_user is under attacker's control).
Was going to mention this myself, but you beat me too it. Dead on. Correctamundo. Please double double tripe triple check your code before submitting things. While we're on the topic, is "system" the best way to be calling this? Since an auth helper gets called for each and every request, it seems like it'd be cleanest if we could just fork/exec/wait ourselves, passing the options in to execv. This way we don't have to fire up a shell interpreter each time. _______________________________________________ cgit mailing list [email protected] http://hjemli.net/mailman/listinfo/cgit
