On Tue, Aug 26, 2014 at 01:41:17PM -0700, Philip Guenther wrote:

> In this case, the code only uses wordexp() to expand a path in a config
> file variable, the path to the file holding....
> <wait for it...>
> your google reader password!
>
> [...]

That is funny. I guess I should have looked at the code before
complaining but even so, wordexp() is still a problem (maybe a smaller
one, in this case, than I thought).

While the code for 2.8 can be easily patched to compile on OpenBSD,
there have been several commits since then that added even more usage
of wordexp(). I will contact the author and ask him if he will stop
using wordexp() in the future. If not, I suppose he'll have lost a user.

Thanks for the reassurance that wordexp() is still bad.

-- 
Kaashif Hymabaccus
GPG: 2048R/3E810B04 
