On Wed, Jun 04, 2008 at 10:30:57PM +0200, Roland Mainz wrote: > David Bustos wrote: > > set -- `svcprop ...` > > # use positional parameters > > > Note that the example above relies in the use of IFS _and_ may be > vulnerable to attributary (shell) code execution. Technically the use of
The idea is for svcprop to quote things so this is not vulnerable provided you're using the standard IFS.
