Ulrich Drepper <drepper@redhat.com> writes:
> On Tue, 2002-07-23 at 09:53, Karl Fogel wrote:
>
> > (I suppose we could have a configuration-determined character that
> > gets substituted in, but doesn't seem worth the trouble...)
>
> I do think it is. This is a potential security hole.

As already stated, we have been over this. Talking about security
holes in code invoking $EDITOR is just silly, since the 3v1L
user can just put his 3v1L commands in a script and set $EDITOR to
point to that script instead of bothering with trying to fool /bin/sh
to run them as part of the invocation.

> And re not using something else but system. I haven't seen the
> discussions but it seems to be again "a minimum functionality dictates
> usage" thing. This is wrong.

Yes, your analysis of the discussion (which you haven't even read) is
incorrect. It's a "confuse the user less by doing it like everybody
else does it" thing.

> If you'd use posix_spawn() or even
> fork()/exec you'd not only get better security but also significantly
> more speed and less resource usage (executing a shell is extremely
> demanding).

And, unfortunately, worse functionality for the user. $EDITOR can
contain stuff like "LD_LIBRARY_PATH=/foo/bar/gazonk strange_emacs"
or whatever. Please read the old discussions so that you may at least
say something new. :-)

// Marcus
Received on Tue Jul 23 20:08:24 2002
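
The two invocation styles debated in this message, as an added example that is not part of the thread or of Subversion's code: a system()-style call next to a fork()/exec of /bin/sh that still lets the shell parse $EDITOR (so a value like "LD_LIBRARY_PATH=/foo/bar/gazonk strange_emacs" keeps working) but passes the appended argument as a positional parameter. The function names, the file name and the use of `true` as a stand-in editor are assumptions made for the illustration.

```c
/* Added illustration; all names are hypothetical, not Subversion code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static char *join(const char *editor, const char *glue, const char *path)
{
    size_t len = strlen(editor) + strlen(glue) + strlen(path) + 1;
    char *s = malloc(len);
    if (s != NULL)
        snprintf(s, len, "%s%s%s", editor, glue, path);
    return s;                                   /* caller frees */
}

/* system()-style call: the path becomes part of the text /bin/sh parses. */
int run_editor_system(const char *editor, const char *path)
{
    char *cmd = join(editor, " ", path);
    int status = cmd ? system(cmd) : -1;
    free(cmd);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* The shell still parses the editor string, so "VAR=value prog" works, but
 * the path is handed over as positional parameter $1, not as script text. */
int run_editor_argv(const char *editor, const char *path)
{
    char *script = join(editor, " \"$1\"", "");
    int status = -1;
    pid_t pid = script ? fork() : -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", script, "sh", path, (char *)NULL);
        _exit(127);                             /* exec failed */
    }
    free(script);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    const char *path = "msg.tmp; exit 7";       /* constructed file name */
    printf("system: %d\n", run_editor_system("true", path));
    printf("argv:   %d\n", run_editor_argv("true", path));
}
```

Both functions return the editor's exit status, or -1 if the process could not be started or did not exit normally.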