Re: CVS update: subversion STACK

From: Karl Fogel <kfogel_at_galois.collab.net>
Date: 2000-11-07 22:29:29 CET

gstein@tigris.org writes:
> + - security checks (e.g. system() usage in wc/get_editor)

And in log.c, now. (Thanks for noticing, Greg.)

We may just want to internalize diff/patch functionality, for speed
and security, eventually.

But while we're driving them as external programs, we'll need to give
the user a way to specify (at build-time, overrideable at run-time)
exactly which program gets run, of course.

That's something I'm putting off until after the basic merge
functionality is working, but if someone jumps in and adds the code
that's fine too.

Is system() a security risk beyond this, and if so how should we drive
external programs?

-Karl
Received on Sat Oct 21 14:36:14 2006

This message: [ Message body ]
Next message: Karl Fogel: "Problem in base64 encoding, or in svndiff generation?"
Previous message: Greg Stein: "[rbb@locus.apache.org: cvs commit: apache-2.0/src/main http_connection.c http_core.c http_protocol.c rfc1413.c util_md5.c]"
Next in thread: Branko Èibej: "Re: CVS update: subversion STACK"
Reply: Branko Èibej: "Re: CVS update: subversion STACK"
Maybe reply: Karl Fogel: "Re: CVS update: subversion STACK"
Reply: Greg Stein: "Re: CVS update: subversion STACK"
Maybe reply: Karl Fogel: "Re: CVS update: subversion STACK"
Maybe reply: Karl Fogel: "Re: CVS update: subversion STACK"
Maybe reply: Karl Fogel: "Re: CVS update: subversion STACK"
Maybe reply: Branko Èibej: "Re: CVS update: subversion STACK"
Maybe reply: Ben Collins-Sussman: "Re: CVS update: subversion STACK"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]