while i was having a look at OpenSSL.pm, i saw that quoting of shell arguments are done improperly. this example demontrates what i mean:
...> cat foo #!/usr/bin/perl $subject = 'foo "; echo bar" baz'; print "$subject\n"; system "echo \"$subject\""; print "\Q$subject\E\n"; system "echo \Q$subject\E"; ...> perl foo foo "; echo bar" baz foo bar baz foo\ \"\;\ echo\ bar\"\ baz foo "; echo bar" baz the first system gets fooled (and is a security hazard), the second should be bullet proof. rj _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
