Junio wrote:
> What Linus is saying is that he wants you to talk with git
> plumbing by invoking the executables he have, via system(3),
> popen(3), etc.

Hopefully, Linus didn't specify system(3) or popen(3) for production

They are a rich source of security holes.  Inefficient, too, since they
invoke a shell process to interpret the command.

Use execve(2), or exevl(3), execle(3), execv(3).

Or if you really enjoy the path search, use execlp or execvp, but with
your own $PATH, not trusting the one passed in via the environment any
further than you can throw it.

However, on further consideration, I think Linus is wrong to recommend
that the git executables, not a libgit library, be the 'basic user level
on which all else is based."

I will reply to a Linus post, expounding on that thought further.

                  I won't rest till it's the best ...
                  Programmer, Linux Scalability
                  Paul Jackson <[EMAIL PROTECTED]> 1.650.933.1373, 
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to