Le 17/12/2010 20:57, Bob Proulx a écrit :
CGI scripts are not normally setuid but are running as the web
server process owner
You wish...
Instead they stem from a script running unverified user provided
input. [...] It is a problem, and a big one, but completely different from
having a
On 12/17/2010 7:37 AM, Greg Wooledge wrote:
[...]
The single biggest problem demonstrated by that page is the tendency
of people to invoke a shell from some other language to do something
for them. The example they use (from perl) is:
open (/bin/ls /data/cardfiles | grep $searchspec |);
On Fri, Dec 17, 2010 at 12:47:49PM -0600, Illia Bobyr wrote:
I worked on a pretty huge project written 99% in TCL. TCL looks is very
much like Bash, except that, I would say, it is cleaner in the quoting area.
The substantial difference is that bash does word splitting and globbing
on the
Marc Herbert wrote:
Sorry I did not know about this race condition. This is more or less
the type of problems I had in mind:
http://hea-www.harvard.edu/~fine/Tech/cgi-safe.html
In addition to the fine recommendations from the others I wanted to
specifically point out that the problems on
Marc Herbert wrote:
If the shell was real programming language, then we would not have
such a massive ban on setuid scripts (I am not saying setuid is a
great feature, this is not the point here; the point is why is the
shell the only language under such a ban?)
The shell isn't the only one
Le 13/12/2010 19:48, Stephane CHAZELAS a écrit :
Yes, they're called commands or programs or software.
People tend to forget that before all a shell is a command line
interpreter.
If you're finding yourself writing complex shell functions that
don't make use of external commands, then
On Mon, 13 Dec 2010, Stephane CHAZELAS wrote:
2010-12-13, 12:04(+00), Marc Herbert:
[...]
True, bash does not come with a vast library of ready-to-use functions.
Neither is there any such reference library available externally. Or
is there?
Yes, they're called commands or programs or
2010-12-13, 12:04(+00), Marc Herbert:
[...]
True, bash does not come with a vast library of ready-to-use functions.
Neither is there any such reference library available externally. Or
is there?
Yes, they're called commands or programs or software.
People tend to forget that before all a
I'm not sure whether this is a bug (the documentation doesn't address
this case), but it's at least mildly annoying.
If you invoke the cd commands with extra arguments after the directory
name, all the extra arguments are silently ignored.
I noticed this when I accidentally typed a '/' when I
Keith Thompson ks...@mib.org writes:
I'm not sure whether this is a bug (the documentation doesn't address
this case), but it's at least mildly annoying.
If you invoke the cd commands with extra arguments after the directory
name, all the extra arguments are silently ignored.
[description
On 09/23/2010 10:47 AM, Keith Thompson wrote:
I'm not sure whether this is a bug (the documentation doesn't address
this case), but it's at least mildly annoying.
If you invoke the cd commands with extra arguments after the directory
name, all the extra arguments are silently ignored.
I
11 matches
Mail list logo
