I think we should stand up to crap and not ever impliment it.
> On Tue, Apr 6, 2010 at 1:53 AM, Matthew Haub
> <matthew.h...@alumni.adelaide.edu.au> wrote:
> > This patch adds support for wordexp(3) and wordfree(3) to libc. These
> > functions conform to IEEE Std 1003.1-2001 (POSIX). The implementation
> > comes from NetBSD and uses a shell builtin, "wordexp", to perform the
> > expansion in line with the methods suggested in the specification[1].
>
> > [1] http://www.opengroup.org/onlinepubs/9699919799/functions/wordexp.html
>
> "Therefore, the application shall ensure that words does not contain
> an unquoted <newline> character or any of the unquoted shell special
> characters '|' , '&' , ';' , '<' , '>' except in the context of
> command substitution as specified in XCU Command Substitution . It
> also shall not contain unquoted parentheses or braces, except in the
> context of command or variable substitution. The application shall
> ensure that every member of words which it expects to have expanded by
> wordexp() does not contain an unquoted initial comment character. The
> application shall also ensure that any words which it intends to be
> ignored (because they begin or continue a comment) are deleted from
> words."
>
> What a load of crap.
>
> > +.Sh BUGS
> > +Do not pass untrusted user data to
> > +.Fn wordexp ,
> > +regardless of whether the
> > +.Dv WRDE_NOCMD
> > +flag is set.
> > +The
> > +.Fn wordexp
> > +function attempts to detect input that would cause commands to be
> > +executed before passing it to the shell
> > +but it does not use the same parser so it may be fooled.
>
> I'm sorry, but this is terrible. (Not your effort, which is
> appreciated, but the whole function.) I do not like the idea of
> adding a "be extra careful or you will introduce a backdoor" function
> to libc.
>
> Also, a libc function that doesn't work in chroot? What use is that?
