Re: [PATCH] show-diff shell safety

2005-04-16 Thread Paul Jackson
Junio wrote:
> The command line for running "diff" command is built without
> taking shell metacharacters into account.

Ack - you're right. One should avoid popen and system in all but personal hacking code. There are many ways, beyond just embedded shell redirection, to cause problems with the

[PATCH] show-diff shell safety

2005-04-16 Thread Junio C Hamano
The command line for running "diff" command is built without taking shell metacharacters into account. A malicious dircache entry "foo 2>bar" (yes, a filename with space) would result in creating a file called "bar" with the error message "diff: foo: No such file or directory" in it. This is not