Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Feb 2015 13:36:44 +0100
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: wordexp(3)

On 02/11/2015 01:17 PM, Stuart Henderson wrote:
> On 2015/02/10 20:27, Solar Designer wrote:
>> (x5) <@...r> OpenBSD wins the wordexp(3) contest, by refusing to implement it altogether.
> 
> It might be of interest to know that we've only got patches in 2 ports
> as a result of this: celestia and filezilla (we're using globs instead
> of wordexp for these; I'm not aware of any negative feedback relating
> to these patches).

There is software out there which automatically uses a shell-based
implementation if the system does not provide wordexp.  With this in
mind, it makes sense to provide the interface even if you dislike it
(same thing with strlcpy).

-- 
Florian Weimer / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ