On 1/20/26 09:00, Simon Josefsson wrote: > We chose to sanitize all variables for expansion. The following two > patches are what we suggest: > > https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b > https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc
If a variable expands to an empty value, will the subsequent code remove the command-line argument entirely, rather than passing an empty string? Or should an empty string be treated as an error? Also, would an allowlist be better than a denylist? -- Sincerely, Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
