Browse Source

Add a CAVEATS section to warn programmers that shell meta-characters will

be passed to the command interpreter.
OPENBSD_2_8
aaron 24 years ago
parent
commit
c23a686afb
1 changed files with 9 additions and 1 deletions
  1. +9
    -1
      src/lib/libc/stdlib/system.3

+ 9
- 1
src/lib/libc/stdlib/system.3 View File

@ -33,7 +33,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: system.3,v 1.7 2000/04/20 13:50:03 aaron Exp $
.\" $OpenBSD: system.3,v 1.8 2000/10/06 04:17:51 aaron Exp $
.\" .\"
.Dd June 29, 1991 .Dd June 29, 1991
.Dt SYSTEM 3 .Dt SYSTEM 3
@ -93,3 +93,11 @@ function conforms to
.St -ansiC .St -ansiC
and and
.St -p1003.2-92 . .St -p1003.2-92 .
.Sh CAVEATS
Never supply the
.Fn system
function with a command containing any part of an unsanitized user-supplied
string.
Shell meta-characters present will be honored by the
.Xr sh 1
command interpreter.

Loading…
Cancel
Save