Hello,

Sorry to come back to you only now.
This bug also has an entry in the main mondo bug system
(https://developer.berlios.de/bugs/?func=detailbug&bug_id=7421&group_id=2524)

The main issue is with popen system calls which do not provide any way
to protect against those types of chars :-(

Solution is to replace those calls as well as system probably, even if I
think I already corrected some of them in SVN (but I do not remember the
attr things :()

> One possibility is to replace use of system() by fork() and exec().   

Exactly. But I have to look more closely at how to do that properly.

> Not having looked at the mondo code, I have no idea how
> much work this would be.

A lot. Less than the asprintf thing, but still a lot.
We should re-code the paranoid_system entry into a mr_system (as I
already began to do for other calls in the code) and replace as well the
single system (there are some) and popen.

> It's a common need, so I suspect that such a function exists, in many  
> languages.    The fork/exec solution likewise probably exists, too.

Will look at it.

Bruno.
-- 
Linux Profession Lead EMEA  / Open Source Evangelist \        HP C&I EMEA IET
http://www.mondorescue.org / HP/Intel Solution Center \  http://hpintelco.net
Info about Linux?     http://www.HyPer-Linux.org      http://www.hp.com/linux
Early music?          http://www.musique-ancienne.org http://www.medieval.org
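
The fork()/exec() replacement for popen() discussed in this message, as an added example that is not part of the original mail and not mondo code: the helper name `exec_capture` and the sample argument are assumptions made for illustration. Because no shell parses the command, the special characters reach the program as plain data.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Hypothetical helper, not mondo's mr_system: run argv[0] with argv[] directly
 * (no /bin/sh) and capture its stdout in buf. Returns the exit status, 127 if
 * the program could not be executed, or -1 on error or abnormal termination. */
int exec_capture(char *const argv[], char *buf, size_t buflen)
{
    int fds[2];
    if (buflen == 0 || pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                          /* child: stdout -> pipe */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) == -1)
            _exit(127);
        close(fds[1]);
        execvp(argv[0], argv);               /* arguments arrive verbatim */
        _exit(127);                          /* exec failed */
    }
    close(fds[1]);                           /* parent: read until EOF or buf full */
    size_t used = 0;
    ssize_t n;
    while (used < buflen - 1 &&
           (n = read(fds[0], buf + used, buflen - 1 - used)) > 0)
        used += (size_t)n;
    buf[used] = '\0';
    close(fds[0]);                           /* output past buflen-1 is dropped */
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample: one argument full of shell metacharacters. */
    char *argv[] = { "echo", "a; echo INJECTED `id` $(id) | cat 'x'", NULL };
    char out[128];
    int rc = exec_capture(argv, out, sizeof out);
    printf("rc=%d out=%s", rc, out);
    return strchr(out, ';') ? 0 : 1;         /* the ';' survived as data */
}
```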

