On Thu, May 25, 2023 at 07:42:04PM -0300, Spenser Truex wrote:
> I converted this swallow program to C, not that it makes any difference
> at this code size. It's just a couple of malloc'd strings.
>
> https://github.com/equwal/swallow-c--

$ ./swallow '$(rm -fr $HOME)'

`system` is a function that should never be used unless the person is
aware of all the shell shenanigans that can bite back. The above is an
extreme example, but *any* character that has special meaning to the shell
can cause problems.

You should instead look into exec and/or posix_spawn functions before
going any further.

- NRK
Received on Fri May 26 2023 - 08:19:22 CEST
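
The posix_spawn route suggested in the reply above, as an added example (not code from the thread or from the swallow-c-- repository): the argument vector goes straight to the child with no shell in between, so shell syntax in an argument stays literal text. The helper name `spawn_capture`, the use of the `printf` utility from PATH, and the sample argument are assumptions made for the illustration.

```c
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;
/* Run argv[0] (found via PATH) with argv handed over verbatim. No shell is
 * involved, so "$(...)", ";", "|" and quotes reach the child as plain bytes.
 * Captures the child's stdout in out; returns its exit status, or -1. */
int spawn_capture(char *const argv[], char *out, size_t outlen)
{
    posix_spawn_file_actions_t fa;
    int fds[2], status, err;
    size_t used = 0;
    ssize_t n;
    pid_t pid;
    if (outlen == 0 || pipe(fds) != 0)
        return -1;
    posix_spawn_file_actions_init(&fa);
    posix_spawn_file_actions_adddup2(&fa, fds[1], STDOUT_FILENO);
    posix_spawn_file_actions_addclose(&fa, fds[0]);
    posix_spawn_file_actions_addclose(&fa, fds[1]);
    err = posix_spawnp(&pid, argv[0], &fa, NULL, argv, environ);
    posix_spawn_file_actions_destroy(&fa);
    close(fds[1]);
    if (err != 0) {
        close(fds[0]);
        return -1;
    }
    while (used < outlen - 1 &&
           (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed input full of shell syntax; nothing here expands it. */
    char *argv[] = { "printf", "%s", "$(echo injected); echo again", NULL };
    char buf[128];
    int rc = spawn_capture(argv, buf, sizeof buf);
    printf("exit=%d output=[%s]\n", rc, buf);
    return strcmp(buf, argv[2]) != 0;
}
```

The captured output is the argument byte for byte; the same string handed to `system` would be parsed by `/bin/sh` first.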