Re: htags cgi bug on win32
From: Shigio YAMAGUCHI
Subject: Re: htags cgi bug on win32
Date: Thu, 15 Feb 2007 09:14:02 +0900
Hello,
> Well, the HTML which htags generated with the cgi option can't search on the
> Win32 platform.
>
> I dug into the problem and found that:
>
> htags/global.cgi :
> open(PIPE, "-|") || exec '@globalpath@', '--result=ctags-xid', '-e',
> $pattern;
>
> The problem is, the "-|" is not supported on Win32.
>
> So, I wrote this patch.
>
> Please review it.
It seems that the patch is vulnerable to the attack called
'OS command injection'. Since the method which uses
'open(PIPE, "-|") || exec' is safe in a UNIX environment,
I hesitate to change it.

I will accept any patch for Windows if it works well without
a security hole and it doesn't influence the UNIX environment.

Anyway, thank you for your report.
--
Shigio YAMAGUCHI <address@hidden> - Tama Communications Corporation
PGP fingerprint: D1CB 0B89 B346 4AB6 5663 C4B6 3CA5 BBB3 57BE DDA3
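
The difference the reply points to, shown as an added example that is not part of the original message, the submitted patch, or the htags source: the fork-and-exec form quoted from global.cgi passes the pattern as one argv entry, while a single command string is parsed by the shell. The stand-in commands (perl printing its arguments, and echo) and the pattern value are constructed assumptions, and the script runs on a UNIX-like system only.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed input: a search pattern carrying a shell metacharacter,
# as it could arrive in a CGI form field.
my $pattern = 'main; echo INJECTED';

# Stand-in for '@globalpath@' (assumption): perl printing each argument,
# so the example runs without GNU GLOBAL installed.
my @cmd = ($^X, '-e', 'print "arg: <$_>\n" for @ARGV', '--');

# Form quoted from global.cgi: fork with an implicit pipe, then exec a list.
# exec with more than one argument never starts a shell, so the pattern
# reaches the program as a single, uninterpreted argument.
sub run_list {
    my ($pat) = @_;
    my $pid = open(my $pipe, '-|');
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Child: stdout is the pipe read by the parent.
        exec(@cmd, $pat) or die "exec failed: $!";
    }
    my @out = <$pipe>;
    close($pipe);
    return @out;
}

# Form to avoid: the pattern is interpolated into one command string.
# Perl hands a string containing metacharacters to /bin/sh, which treats
# ';' as a command separator.
sub run_string {
    my ($pat) = @_;
    open(my $pipe, '-|', "echo pattern: $pat") or die "open failed: $!";
    my @out = <$pipe>;
    close($pipe);
    return @out;
}

print "list form:\n",   map { "  $_" } run_list($pattern);
print "string form:\n", map { "  $_" } run_string($pattern);
```

In the list form the program sees the whole pattern, semicolon included, as one argument; in the string form the shell runs the text after the semicolon as a second command.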