Hello Piotr, On Mon, Mar 1, 2010 at 22:11, Piotr Minkina <likemandr...@o2.pl> wrote: > In example I can run "echo $(/bin/sh)" or "echo $(/bin/su)", or every other > command.
Thank you for reporting this. You are absolutely right that the default configuration of lshell permits this, and it should not. I have already corrected this bug in the upcoming version of lshell. A temporary fix would be to add "$" in the forbidden list: ---------------8<-----------------------8<--------------- ## a list of forbidden character or commands forbidden : [';', '&', '|','>','<', '$'] ---------------8<-----------------------8<--------------- I am working on getting the new version out very soon. Kind regards, Ignace M -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
