> It must be suid to work at all.
Yeah, noted this.
> > with lots of buffer overruns, I think that's extremely dangerous.
>
> Probably so. If you've found problems, please patch them. I integrate every
> patch I receive into Osh, and it's been over a year since I received any.
>
1. Actually, I am afraid there's a whole bunch of problems (mostly buffer
overflows), which could be exploited with certain buffer-overflow code.
Basically I would use strncpy for all strcpy's there. (You never know what
parameter you're passed, or what the ENV variable length is.) If you want, I
could fix all those oversights and send you a patch. (Actually, nowadays I am
just developing code for my personal needs based on yours.)
2. For the parser I would rather use the flex generator there, rather than
writing it myself. (1. You'd avoid mistakes. 2. It's easier.)
I guess there were some other things which I noted while looking through the
code. I will drop you a line when I recall them.
Fyodor
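
The strcpy-to-strncpy replacement discussed in this message, as an added example that is not part of the original e-mail and is not Osh code. The helper names `bounded_copy` and `copy_env` are hypothetical; the example handles the case a plain swap misses, namely that strncpy leaves the buffer unterminated when the source fills it, and it reports truncation so a setuid program can reject the value instead of using a shortened one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not taken from Osh.
 * Copies src into dst (capacity dstsize), always NUL-terminating.
 * Returns 0 if the whole string fit, -1 if src is NULL, dst is unusable,
 * or the value had to be truncated. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* strncpy() writes no terminator when src has dstsize-1 or more
     * characters, so copy at most dstsize-1 and terminate by hand. */
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) < dstsize ? 0 : -1;
}

/* Same check for an environment variable, whose length is set by
 * whoever invokes the program. */
int copy_env(char *dst, size_t dstsize, const char *name)
{
    return bounded_copy(dst, dstsize, getenv(name));
}

int main(void)
{
    char buf[16];
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, 32 bytes */

    if (bounded_copy(buf, sizeof buf, too_long) != 0)
        fprintf(stderr, "rejected oversized argument (kept \"%s\")\n", buf);

    if (copy_env(buf, sizeof buf, "HOME") != 0)
        fprintf(stderr, "HOME unset or too long, refusing to use it\n");
    else
        printf("HOME=%s\n", buf);
    return 0;
}
```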