Add a CAVEATS section to warn programmers that shell meta-characters will

be passed to the command interpreter.
author: aaron <> 2000-10-06 04:17:51 +0000
committer: aaron <> 2000-10-06 04:17:51 +0000
commit: 51765347c867850bcc3c92e20869f6a530d8d0a2 (patch)
tree: b70bb7733772d6dd95559fb5198c5c968d566cfe /src/lib/libc/stdlib
parent: bac60cdd71e32a92a54762886ece2fab5e012b00 (diff)
download: openbsd-51765347c867850bcc3c92e20869f6a530d8d0a2.tar.gz
openbsd-51765347c867850bcc3c92e20869f6a530d8d0a2.tar.bz2
openbsd-51765347c867850bcc3c92e20869f6a530d8d0a2.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/libc/stdlib/system.3 b/src/lib/libc/stdlib/system.3
index 2db413934e..83c6de80e3 100644
--- a/src/lib/libc/stdlib/system.3
+++ b/src/lib/libc/stdlib/system.3
@@ -33,7 +33,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: system.3,v 1.7 2000/04/20 13:50:03 aaron Exp $
+.\"     $OpenBSD: system.3,v 1.8 2000/10/06 04:17:51 aaron Exp $
 .\"
 .Dd June 29, 1991
 .Dt SYSTEM 3
@@ -93,3 +93,11 @@ function conforms to
 .St -ansiC
 and
 .St -p1003.2-92 .
+.Sh CAVEATS
+Never supply the
+.Fn system
+function with a command containing any part of an unsanitized user-supplied
+string.
+Shell meta-characters present will be honored by the
+.Xr sh 1
+command interpreter.
author	aaron <>	2000-10-06 04:17:51 +0000
committer	aaron <>	2000-10-06 04:17:51 +0000
commit	51765347c867850bcc3c92e20869f6a530d8d0a2 (patch)
tree	b70bb7733772d6dd95559fb5198c5c968d566cfe /src/lib/libc/stdlib
parent	bac60cdd71e32a92a54762886ece2fab5e012b00 (diff)
download	openbsd-51765347c867850bcc3c92e20869f6a530d8d0a2.tar.gz openbsd-51765347c867850bcc3c92e20869f6a530d8d0a2.tar.bz2 openbsd-51765347c867850bcc3c92e20869f6a530d8d0a2.zip

diff --git a/src/lib/libc/stdlib/system.3 b/src/lib/libc/stdlib/system.3 index 2db413934e..83c6de80e3 100644 --- a/src/lib/libc/stdlib/system.3 +++ b/src/lib/libc/stdlib/system.3
@@ -33,7 +33,7 @@
33	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	33	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34	.\" SUCH DAMAGE.	34	.\" SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: system.3,v 1.7 2000/04/20 13:50:03 aaron Exp $	36	.\" $OpenBSD: system.3,v 1.8 2000/10/06 04:17:51 aaron Exp $
37	.\"	37	.\"
38	.Dd June 29, 1991	38	.Dd June 29, 1991
39	.Dt SYSTEM 3	39	.Dt SYSTEM 3
@@ -93,3 +93,11 @@ function conforms to
93	.St -ansiC	93	.St -ansiC
94	and	94	and
95	.St -p1003.2-92 .	95	.St -p1003.2-92 .
		96	.Sh CAVEATS
		97	Never supply the
		98	.Fn system
		99	function with a command containing any part of an unsanitized user-supplied
		100	string.
		101	Shell meta-characters present will be honored by the
		102	.Xr sh 1
		103	command interpreter.