Find the answer to your Linux question:
Results 1 to 4 of 4
Is it secure to call Code: system("export IFS=' \t\n'; /bin/ls ");...
  1. 10-26-2007 #1
    ksar
    ksar is offline
    Just Joined!
    Join Date
    Apr 2005
    Posts
    5

    system()

    Is it secure to call

    Code:
    system("export IFS=' \t\n'; /bin/ls ");
    Reply With Quote Reply With Quote
  2. 10-26-2007 #2
    RobinVossen
    RobinVossen is offline
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,422
    yea it is.
    You can make a mess out of your Local Vars but yea it is safe
    New Users, please read this..
    Google first, then ask..
    Reply With Quote Reply With Quote
  3. 10-26-2007 #3
    ksar
    ksar is offline
    Just Joined!
    Join Date
    Apr 2005
    Posts
    5
    But if I append userinput to the system()-command I have to filter characters like ";", "|" and "$", right?
    Reply With Quote Reply With Quote
  4. 10-26-2007 #4
    RobinVossen
    RobinVossen is offline
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,422
    yea, since else its easy exploitable.
    Well I dont even get why you want that :S
    If a user can add its own stuff there you really have to filter alot.
    Better "" everything they send. aswell
    New Users, please read this..
    Google first, then ask..
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...