(meant to send this to augeas-devel) [In response to a private point about shell quoting]
You could ask this question another way: What happens if the new value I want to set comes from some external untrusted source, and it contains shell metacharacters? Is it the responsibility of the caller to escape it correctly, or is this something that Augeas should do? If it is the caller that should do it, how should the caller know? I can easily see an exploit taking place because some caller was not aware of the need to do escaping. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://et.redhat.com/~rjones/virt-top _______________________________________________ augeas-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/augeas-devel
