[Users] That won't work.
Michael Rasmussen
mir at miras.org
Tue Oct 13 22:56:04 CEST 2020
On Tue, 13 Oct 2020 21:52:43 +0100
Dave Howorth <dave at howorth.org.uk> wrote:
>
> I don't think that is the problem here. The problem is that the
> invoking program (claws) invokes a shell and passes it stringified
> arguments (presumably prepended by the stringified command).
>
This is exactly the problem I was proposing a solution for. A white
list will filter away any arguments not allowed. Another solution could
be borrowing taint/untaint from Perl.
--
Hilsen/Regards
Michael Rasmussen
Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
https://pgp.key-server.io/pks/lookup?search=0xD3C9A00E
mir <at> datanom <dot> net
https://pgp.key-server.io/pks/lookup?search=0xE501F51C
mir <at> miras <dot> org
https://pgp.key-server.io/pks/lookup?search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
It's ten o'clock; do you know where your processes are?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20201013/9e0c725e/attachment.sig>
More information about the Users
mailing list