On Sun, Feb 10, 2019 at 11:40:06AM +0100, Leonardo Taccari wrote:
> Hello Nick,
> 
> Nick writes:
> > [...]
> > Ignore if you're too busy, but why is this considered bad practice?
> > Is there some case of possible shell escaping or something I'm 
> > failing to see? I just ask for my own education.
> >
> 
> (I have no idea if this was original rationale about why not applying
> this patch but I will try to share why it can be problematic in
> some cases IME.)
> 
> According to the dmenu(1) man page:
> 
> > dmenu_run is a script used by dwm(1) which lists programs in the user's
> > $PATH and runs the result in their $SHELL.
> 
> by using `exec' this is no longer true.
> 
> The user's $SHELL is no longer used and what can be typed in
> `dmenu_run' is now restricted, (I don't know how usual it is but
> sometimes I use `|' and other shell commands in dmenu_run).
> 

Exactly this.

It works like this since at least 2011 (commit
56a0d1fa14de915419c037ac2604fe5c5b1fe4a3). If you dig in the git history you
can see we've had most possible combinations already.

-- 
Kind regards,
Hiltjo
