bug-global
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A CGI security hole on Windows?

From: Shigio YAMAGUCHI
Subject: Re: A CGI security hole on Windows?
Date: Sat, 12 Mar 2016 09:45:24 +0900
Hello all,
Though I don't know about Windows's shell,
I think that there is a possibility including a security hole.
For safety ensuring, let me comment out the code.
Those who thinks it is safe will be able to uncomment easily.

#if ($^O eq 'MSWin32') {
#       open(PIPE, "$global_command" . " --result=ctags-xid $flags $pattern |");
#} else {
...
#}

Regards,
Shigio


2016-03-09 14:55 GMT+09:00 Shigio YAMAGUCHI <address@hidden>:
Hello specialists of Windows,

Doesn't the following code have a security hole on WIndows?

[global.cgi]
if ($^O eq 'MSWin32') {
        open(PIPE, "/usr/local/bin/global" . " --result=ctags-xid $flags $pattern |");
} ...
[completion.cgi]
if ($^O eq 'MSWin32') {
        open(PIPE, "/usr/local/bin/global" . " -${flags}e $q |");
} ...

Though GNU GLOBAL does not support Windows, we need to get rid of dangerous code.
Thank you in advance.

Regards,
Shigio

--
Shigio YAMAGUCHI <address@hidden>
PGP fingerprint: D1CB 0B89 B346 4AB6 5663  C4B6 3CA5 BBB3 57BE DDA3



--
Shigio YAMAGUCHI <address@hidden>
PGP fingerprint: D1CB 0B89 B346 4AB6 5663  C4B6 3CA5 BBB3 57BE DDA3
reply via email to
[Prev in Thread] Current Thread [Next in Thread]