Hi,

my patch for the use of `popen' is just an ad-hoc solution (aka hack)
that might be useful for people trying to do some shell-scripting in
hugs, before anything more fundamental becomes available. The security
problem (thanks to Fergus Henderson and Carl Witty for pointing it out)
must be dealt with within Haskell. This should also be possible for
dedicated shell-like programs, but of course we cannot expect *every*
user of hugs to take care of it.

BTW, besides the security problem there is of course also a semantic
hole: What if I really want to read a file whose name ends in "|"?

Although I did not make that clear explicitly, the patch was actually
not meant to be included in an official hugs release (although I
admittedly found it flattering when I got mail suggesting that), at
least not as-is. There should at least be an option for explicitly
enabling it. But of course I would prefer a function `popen' on the
Haskell level (which would also make a primitive `openFileOrPipe'
unnecessary), or even more, as I wrote in my previous mail, access to
the "real thing": the system calls like `fork', `execve', etc.

Heribert.
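
The following C sketch is an added example, not part of the message above and not the Hugs patch. It illustrates the two points raised there: an explicit option gating the trailing-"|" convention, and separate explicit entry points that never parse the name. All function and type names are hypothetical, and the rule that the text before the trailing "|" is handed to `popen` is an assumption.

```c
#define _POSIX_C_SOURCE 200809L   /* popen/pclose */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names are hypothetical; this is not the Hugs patch. */
typedef enum { SRC_FILE, SRC_PIPE } src_kind;
typedef struct { FILE *fp; src_kind kind; } source;

/* Assumed in-band rule: a trailing '|' selects a pipe, but only when the
   caller has explicitly enabled it. Disabled, every name is a plain file. */
src_kind classify(const char *name, int pipes_enabled) {
    size_t n = strlen(name);
    return (pipes_enabled && n > 1 && name[n - 1] == '|') ? SRC_PIPE : SRC_FILE;
}

/* Explicit entry points: the caller states the intent, the string is not parsed. */
source open_plain(const char *path) {
    source s = { fopen(path, "r"), SRC_FILE };
    return s;
}
source open_pipe(const char *cmd) {
    source s = { popen(cmd, "r"), SRC_PIPE };
    return s;
}

/* Combined primitive, gated by the opt-in flag. */
source open_file_or_pipe(const char *name, int pipes_enabled) {
    if (classify(name, pipes_enabled) == SRC_FILE)
        return open_plain(name);
    size_t n = strlen(name);
    char *cmd = malloc(n);              /* name without the trailing '|' */
    source s = { NULL, SRC_PIPE };
    if (cmd == NULL) return s;
    memcpy(cmd, name, n - 1);
    cmd[n - 1] = '\0';
    s = open_pipe(cmd);
    free(cmd);
    return s;
}

/* Close with the call that matches how the stream was opened. */
int close_source(source s) {
    if (s.fp == NULL) return -1;
    return s.kind == SRC_PIPE ? pclose(s.fp) : fclose(s.fp);
}

int main(void) {
    /* "notes|" is a constructed name: the same string changes meaning with the flag. */
    printf("pipes off: %s\n", classify("notes|", 0) == SRC_FILE ? "file" : "pipe");
    printf("pipes on:  %s\n", classify("notes|", 1) == SRC_FILE ? "file" : "pipe");
    return 0;
}
```

With the flag on, a file whose name really ends in "|" can only be reached through `open_plain`, which is why the explicit entry points remove both the ambiguity and the need for the combined primitive.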
