Tip: When constructing a shell command line or script programmatically,
to be parsed by the shell, you have to be especially careful about
quoting and escaping of any values that you plug in. This is a likely
place for strange inputs to the construction to break the language,
resulting in failure and possibly data loss or intrustion, possibly
undetected. When I have audited code for security vulnerabilities, the
construction of shell commands always catches my eye, since it seems
that people almost always get it wrong.
The various Unix-like shells (Bourne, C-shell, and their derivatives)
are hobbled by anachronistic craziness. If one finds that one is trying
to construct a string to be interpreted by a shell, then see whether one
can instead do it as: (1) a Racket list of arguments to a host OS
program exec, bypassing the shell; or (2) do more processing in Racket
and less in shell.
--
http://www.neilvandyke.org/
_________________________________________________
For list-related administrative tasks:
http://lists.racket-lang.org/listinfo/users
