Oh geez, that's a very good point. Thanks for catching that before
an attacker does, Eli.

Eli Barzilay <[email protected]> writes:
> 30 minutes ago, Michael Wilber wrote:
>> I know it's a hack but for my needs, I just spawn a synchronous ssh
>> process, like this:
>>
>> (define (get-remote-file file)
>>   (define success? #t)
>>   (define remote-bytes
>>     (with-output-to-bytes
>>      (λ() (set! success?
>>                 (system (format "ssh machinename cat ~a" file))))))
>>   (and success? remote-bytes))
>
> (`system' should almost never be used in public code...  Imagine
> someone using the above code and dealing with the consequences of file
> names like "foo; rm -rf ~".)
>
> --
>           ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
>                     http://barzilay.org/                   Maze is Life!

____________________
  Racket Users list:
  http://lists.racket-lang.org/users
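
Added example, not part of the original thread and not code from either poster: the same helper using `system*`, so no local shell parses the file name. Because ssh still hands its command string to the shell on the remote side, the file name is also quoted for that shell. `sh-quote` and `remote-cat-command` are hypothetical helper names, `machinename` is the placeholder host from the post, and the remote login shell is assumed to be POSIX-compatible.

```racket
#lang racket/base
;; Added example (not from the thread). Assumes the remote login shell is
;; POSIX-compatible; sh-quote and remote-cat-command are hypothetical helpers.
(require racket/port racket/string racket/system)

;; Quote s as one POSIX shell word: wrap it in single quotes and rewrite
;; each embedded ' as '\'' (close quote, escaped quote, reopen quote).
(define (sh-quote s)
  (string-append "'" (string-replace s "'" "'\\''") "'"))

;; The command line the remote shell will parse. "--" stops cat from
;; treating a file name that starts with "-" as an option.
(define (remote-cat-command file)
  (string-append "cat -- " (sh-quote file)))

(define (get-remote-file file)
  (define ssh (find-executable-path "ssh"))
  (unless ssh
    (error 'get-remote-file "ssh not found on PATH"))
  (define success? #f)
  (define remote-bytes
    (with-output-to-bytes
     (λ ()
       ;; system* runs ssh directly with an argument vector, so no local
       ;; shell ever sees the file name.
       (set! success?
             (system* ssh "machinename" (remote-cat-command file))))))
  (and success? remote-bytes))

(module+ main
  ;; Constructed hostile input from the thread; prints the remote command
  ;; without contacting any host.
  (displayln (remote-cat-command "foo; rm -rf ~")))
```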
