I understood. Thank you. I'm sorry but would you please uncomment it when you make a Windows package? This code is not used on UNIX. Presence or absence of a security hole seems to be dependent on the specification (syntax) of Windows shell. Since I'm not conversant about it, I'd overlook a security hole in the future. I prefer not to entrust GLOBAL's fate to Microsoft.
Regards, Shigio 2016-03-12 16:04 GMT+09:00 Jason Hood <[email protected]>: > > Doesn't the following code have a security hole on Windows? > > "-|" is not supported on Windows and I believe exec will go > through the shell anyway (Windows always has a single command > line string, never individual arguments). (This change was > originally submitted 2014-01-22.) > > -- > Jason. > -- Shigio YAMAGUCHI <[email protected]> PGP fingerprint: D1CB 0B89 B346 4AB6 5663 C4B6 3CA5 BBB3 57BE DDA3
_______________________________________________ Bug-global mailing list [email protected] https://lists.gnu.org/mailman/listinfo/bug-global
