>Casper.Dik at Sun.COM wrote:
>
>>
>> >Casper.Dik at sun.com wrote:
>> >
>> >>
>> >> > If not used carefully, the system(3C) function may be responsible for
>> >> > the following security concerns:
>> >> >
>> >> > + Execution of the command is affected by the PATH, IFS and other
>> >> > environment variables.
>> >>
>> >> None of our current shells evaluates the IFS environment variable.
>> >
>> >The Bourne Shell (bin/sh) does.
>> >
>>
>>
>> Not in Solaris; it was fixed before Solaris 7 (bug 4077929)
>
>Why do you believe this?
Have you ever tested /bin/sh?

sh does NOT import IFS from the environment.

Solaris 2.6:

	env IFS=o sh -c 'echo ls'
	sh: ech: not found

Current (Open)Solaris:

	env IFS=o sh -c 'echo ls'
	ls

Your code doesn't prove anything; yep, there's an IFS variable but it is NOT
imported from the environment.

Casper
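
The probe from the message above, as an added example that is not part of the original thread: it repeats the `env IFS=o sh -c 'echo ls'` test and adds a second probe on an unquoted expansion, since a POSIX shell that imported IFS would split only expansion results and would pass the literal-word test. The function names and result labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify how a shell treats an IFS value inherited from
# the environment. The probe value "o" is the one used in the thread.
# Function names and result labels are hypothetical, chosen for this example.

# Literal-word probe (the test from the thread). A Bourne shell that
# imports IFS splits every word, so 'echo ls' is run as 'ech' with ' ls'.
probe_literal() {
    out=$(env IFS=o "$1" -c 'echo ls' 2>/dev/null) || true
    if [ "$out" = "ls" ]; then echo safe; else echo split; fi
}

# Expansion probe. POSIX shells field-split only the results of
# expansions, so an imported IFS=o would turn $v into two fields here
# even though the literal-word probe above still prints "ls".
probe_expansion() {
    n=$(env IFS=o "$1" -c 'v=foo; set -- $v; echo $#' 2>/dev/null) || true
    if [ "$n" = "1" ]; then echo safe; else echo split; fi
}

# Combine both probes into one verdict for the shell given as $1.
classify_shell() {
    lit=$(probe_literal "$1")
    exp=$(probe_expansion "$1")
    case "$lit/$exp" in
        safe/safe)  echo "ignores-env-IFS" ;;
        split/*)    echo "imports-IFS-splits-all-words" ;;
        safe/split) echo "imports-IFS-splits-expansions" ;;
    esac
}

# Report on every shell named on the command line, e.g.:
#   ./ifs_probe.sh /bin/sh /bin/ksh
for s in "$@"; do
    printf '%s: %s\n' "$s" "$(classify_shell "$s")"
done
```

A shell reported as anything other than ignores-env-IFS should not be reached through system(3C) from a program that runs with an untrusted environment.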