Joerg Schilling wrote:
> Casper.Dik at Sun.COM wrote:
>
>>> Casper.Dik at sun.com wrote:
>>>
>>>>> If not used carefully, the system(3C) function may be responsible for
>>>>> the following security concerns:
>>>>>
>>>>> + Execution of the command is affected by the PATH, IFS and other
>>>>> environment variables.
>>>>>
>>>> None of our current shells evaluates the IFS environment variable.
>>>>
>>> The Bourne Shell (bin/sh) does.
>>>
>> Not in Solaris; it was fixed before Solaris 7 (bug 4077929)
>>
>
> Why do you believe this?
>
Bourne shell can make use of $IFS, but it is explicitly not taken from the parent shell:

http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/sh/main.c#252

--
Brian Ruthven
Sun Microsystems UK
Solaris Revenue Product Engineering
Tel: +44 (0)1252 422 312
Sparc House, Guillemont Park, Camberley, GU17 9QG
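
The behaviour argued about in this thread can be checked empirically on any system. The following probe is an added example, not part of the original messages or of the Solaris sources; the function names, the probe directory and the list of shell paths are constructed for illustration. It reports, per shell, whether an IFS value passed through the environment is used for field splitting, and whether PATH is still inherited.

```shell
#!/bin/sh
# Added example: probe whether a shell takes IFS (and PATH) from its environment.
# Pass absolute shell paths; all names and probe values here are constructed.

# imports_ifs SHELL
# Returns 0 if SHELL used an IFS value passed in through the environment
# for field splitting, 1 if it started with its own default IFS.
imports_ifs() {
    # With IFS=":" imported, the unquoted $v splits into two fields;
    # with the default IFS (space, tab, newline) it stays one field.
    fields=$(env IFS=: "$1" -c 'v=a:b; set -- $v; echo $#') || return 2
    [ "$fields" = 2 ]
}

# inherits_path SHELL
# Returns 0 if SHELL sees the PATH value passed in through the environment.
inherits_path() {
    probe=/constructed/probe/dir
    seen=$(env PATH="$probe" "$1" -c 'printf %s "$PATH"') || return 2
    [ "$seen" = "$probe" ]
}

# Print one line per candidate shell that exists on this machine.
report() {
    for sh_path in "$@"; do
        [ -x "$sh_path" ] || continue
        if imports_ifs "$sh_path"; then ifs_state=imported; else ifs_state=ignored; fi
        if inherits_path "$sh_path"; then path_state=inherited; else path_state=ignored; fi
        printf '%s: IFS from environment %s, PATH %s\n' \
            "$sh_path" "$ifs_state" "$path_state"
    done
}

report /bin/sh /usr/bin/ksh /bin/bash /bin/dash
```

A shell that ignores the environment's IFS still inherits PATH, so the PATH half of the system(3C) concern quoted above applies even where the IFS half does not.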