
11 Apr
2007
6:12 a.m.
On Tue, 2007-04-10 at 18:28 -0700, Kees Cook wrote:
On Tue, Apr 10, 2007 at 05:35:46PM -0700, Kees Cook wrote:
However, I much more recommend using arrays for doing execution, since that forces the right arguments and stops any kind of shell expansion.
BTW, after digging around and finding the code in extension/implementation/script.cpp, and seeing the "pipe_t" class, this whole infrastructure needs to be replaced with g_spawn_async_with_pipes() and the usage of arrays for execution instead of strings. This should reduce the size of the code, make it much easier to maintain, and end up being much much safer.
Cool, thanks Kees. Now do you have to write up an exploit for this? ;)
--Ted