Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - Apple libc insecure handling of word expansion (github.com)

bobo the hobo writes: It appears that Apple's libc's shell word expansion routine shells out to Perl in a highly questionable fashion.

/* XXX this is _not_ designed to be fast */
/* wordexp is also rife with security "challenges", unless you pass it
WRDE_NOCMD it *must* support subshell expansion, and even if you
don't beause it has to support so much of the standard shell (all
the odd little variable expansion options for example) it is hard
to do without a subshell). It is probbably just plan a Bad Idea
to call in anything setuid, or executing remotely. */


Slashdot Top Deals

You know you've been spending too much time on the computer when your friend misdates a check, and you suggest adding a "++" to fix it.

Working...