Bugtraq mailing list archives

Re: IFS hole?

From: strick () osc versant com (henry strickland)
Date: Wed, 15 Dec 93 11:07:17 PST


# I wouldn't have thought the IFS environment variable should cause a
# problem providing that the things that you are execving are not Bourne
# Shell scripts

Um, a nit, but it's transitive -- the thing you execv may execv
something that eventually execv's a shell;  you just don't know who's
gonna use system() or popen().

e.g.    whoda thought "vi" would exec "expreserve" which would would
        call system() to send mail.  But it did.

conclusion, IFS is a problem.

Current thread:

Re: IFS hole? Yonathan (Dec 15)
- Re: IFS hole? abeckett () fmlrnd co uk (Dec 15)
- <Possible follow-ups>
- Re: IFS hole? mark kraitchman (Dec 15)
  - Re: IFS hole? Greg Woods (Dec 15)
  - IFS hole? Karyn Pichnarczyk (Dec 15)
- Re: IFS hole? henry strickland (Dec 15)
- Re: IFS hole? Peter shipley (Dec 15)
- Re: IFS hole? Rik Harris (Dec 15)
- Re: IFS hole? Christopher Davis (Dec 17)