[augeas-devel] FreeBSD /etc/rc.conf

Richard W.M. Jones rjones at redhat.com
Thu Nov 18 11:52:45 UTC 2010


(meant to send this to augeas-devel)

[In response to a private point about shell quoting]

You could ask this question another way: What happens if the new value
I want to set comes from some external untrusted source, and it
contains shell metacharacters?  Is it the responsibility of the caller
to escape it correctly, or is this something that Augeas should do?
If it is the caller that should do it, how should the caller know?
I can easily see an exploit taking place because some caller was not
aware of the need to do escaping.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
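
One way a caller could handle the quoting question raised above, shown as an added example that is not part of the original message and is not Augeas code. It assumes the caller writes the right-hand side verbatim into a file that `sh` later sources, as rc scripts do with /etc/rc.conf. The function names and sample values are constructed for illustration.

```python
import os
import re
import subprocess
import tempfile

NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def naive_quote(value):
    """What an unaware caller does: wrap the value in double quotes."""
    return '"' + value + '"'

def sh_quote(value):
    """Single-quote for POSIX sh so no character in the value is interpreted."""
    if "\0" in value or "\n" in value:
        # Conservative choice for a line-oriented file (assumption of this example).
        raise ValueError("NUL or newline in value")
    return "'" + value.replace("'", "'\\''") + "'"

def render_assignment(name, value, quote=sh_quote):
    """Build one rc.conf line; the name is validated, the value is quoted."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid variable name")
    return f"{name}={quote(value)}\n"

def value_seen_by_sh(line, name):
    """Source the line with sh and return the variable's value (None on error)."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid variable name")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "rc.conf")
        with open(path, "w") as f:
            f.write(line)
        script = r'. "$1"; eval "printf %s \"\$$2\""'
        result = subprocess.run(["sh", "-c", script, "sh", path, name],
                                capture_output=True, text=True)
    return result.stdout if result.returncode == 0 else None

# Constructed untrusted inputs (harmless: the substitution only echoes a marker).
UNTRUSTED = ["web01$(echo INJECTED)", "it's `echo INJECTED`", 'a"b $HOME \\ c']

def survives(value, quote):
    """True if sh sees exactly the string the caller intended to store."""
    line = render_assignment("hostname", value, quote)
    return value_seen_by_sh(line, "hostname") == value

if __name__ == "__main__":
    for v in UNTRUSTED:
        print(repr(v), "naive:", survives(v, naive_quote), "quoted:", survives(v, sh_quote))
```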



