diff options
| author | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-10-06 04:17:52 +0000 |
|---|---|---|
| committer | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-10-06 04:17:52 +0000 |
| commit | b0326669a61eb4f3cab4bea1b92f6f6f36782e4e (patch) | |
| tree | b869e6f70dfcaa07a68a3c63559cba41fbf37bee | |
| parent | 4e273f29893b3e4cbbf44f43312b930c38e17782 (diff) | |
Add a CAVEATS section to warn programmers that shell meta-characters will
be passed to the command interpreter.
| -rw-r--r-- | lib/libc/stdlib/system.3 | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/libc/stdlib/system.3 b/lib/libc/stdlib/system.3 index 2db413934e1..83c6de80e38 100644 --- a/lib/libc/stdlib/system.3 +++ b/lib/libc/stdlib/system.3 @@ -33,7 +33,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: system.3,v 1.7 2000/04/20 13:50:03 aaron Exp $ +.\" $OpenBSD: system.3,v 1.8 2000/10/06 04:17:51 aaron Exp $ .\" .Dd June 29, 1991 .Dt SYSTEM 3 @@ -93,3 +93,11 @@ function conforms to .St -ansiC and .St -p1003.2-92 . +.Sh CAVEATS +Never supply the +.Fn system +function with a command containing any part of an unsanitized user-supplied +string. +Shell meta-characters present will be honored by the +.Xr sh 1 +command interpreter. |