22 Dec
2016
22 Dec
'16
6:54 a.m.
On 21/12/2016 18:51, Alan DeKok wrote:
It should work. I'll see if I can add some tests. Thank you. But in general, passing user input to an exec'd program is a bad idea. It's useful, but there are just too many opportunities for the user to do something bad.
Sure. The external password change program I've written isn't a shell script. As far as I can tell from source: the 'exec' xlat expansion ultimately calls execve(prog, args), i.e. it doesn't invoke a shell itself. Is that right? Cheers, Brian.