From c23a686afbdd81798b83c9e4235e2fdb60627175 Mon Sep 17 00:00:00 2001 From: aaron <> Date: Fri, 6 Oct 2000 04:17:51 +0000 Subject: [PATCH] Add a CAVEATS section to warn programmers that shell meta-characters will be passed to the command interpreter. --- src/lib/libc/stdlib/system.3 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/lib/libc/stdlib/system.3 b/src/lib/libc/stdlib/system.3 index 2db41393..83c6de80 100644 --- a/src/lib/libc/stdlib/system.3 +++ b/src/lib/libc/stdlib/system.3 @@ -33,7 +33,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: system.3,v 1.7 2000/04/20 13:50:03 aaron Exp $ +.\" $OpenBSD: system.3,v 1.8 2000/10/06 04:17:51 aaron Exp $ .\" .Dd June 29, 1991 .Dt SYSTEM 3 @@ -93,3 +93,11 @@ function conforms to .St -ansiC and .St -p1003.2-92 . +.Sh CAVEATS +Never supply the +.Fn system +function with a command containing any part of an unsanitized user-supplied +string. +Shell meta-characters present will be honored by the +.Xr sh 1 +command interpreter.
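Review bot: In the new CAVEATS section, "unsanitized user-supplied string" leaves "unsanitized" undefined and names no alternative, so the reader is left to devise their own quoting rules for sh(1). Suggest a follow-up sentence pointing at the exec family, for example ".Xr execve 2", as the way to run a program with user-supplied arguments without going through a command interpreter. The last sentence would also read more clearly as "Any shell meta-characters present in the string will be honored by the .Xr sh 1 command interpreter", since "present" currently has nothing to attach to.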