John.Zolnowsky at sun.com wrote:
>
> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
> This information is Copyright 2009 Sun Microsystems
> 1. Introduction
> 1.1. Project/Component Working Name:
> system_noshell
> 1.2. Name of Document Author/Supplier:
> Author: Sumanth Naropanth
> 1.3 Date of This Document:
> 29 May, 2009
> 4. Technical Description
> I'm sponsoring this fasttrack on behalf of Sumanth Naropanth.
> This case will time out June 5, 2009.
>
> SUMMARY:
> Implementation of new C library functions -- system_noshell(3C)
> (and variants) to work as secure alternatives to the system(3C)
> function, to proactively prevent security vulnerabilities resulting
> from unintended invocation of user shell.
Does it handle I/O redirection?
Does it handle other shell specific features
... or does it only split a command line at spaces?
If it does the latter, does it support quoting?
What are the characters that are used as split separators?
J?rg
--
EMail:joerg at schily.isdn.cs.tu-berlin.de (home) J?rg Schilling D-13353 Berlin
js at cs.tu-berlin.de (uni)
joerg.schilling at fokus.fraunhofer.de (work) Blog:
http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
