![]() |
|
Date: Wed, 11 Feb 2015 13:36:44 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: wordexp(3) On 02/11/2015 01:17 PM, Stuart Henderson wrote: > On 2015/02/10 20:27, Solar Designer wrote: >> (x5) <@...r> OpenBSD wins the wordexp(3) contest, by refusing to implement it altogether. > > It might be of interest to know that we've only got patches in 2 ports > as a result of this: celestia and filezilla (we're using globs instead > of wordexp for these; I'm not aware of any negative feedback relating > to these patches). There is software out there which automatically uses a shell-based implementation if the system does not provide wordexp. With this in mind, it makes sense to provide the interface even if you dislike it (same thing with strlcpy). -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.