Mailing List Archive


Re: [tlug] Security question with grep/egrep



>>>>> "Jim" == Jim Breen <Jim.Breen@example.com> writes:

    Jim> [...] the CGI program would do a system() call [...]

Since you care about the host, don't do system() calls.  There are too
many ways to break the call itself, and you then become hostage to any
security holes that may exist in the called programs as well.

What's wrong with using the native regexp facility of whatever you're
using to write the CGI?  Even if it's in C or C++, the POSIX regcomp/
regexec facility is not rocket science to use.  That's what you'd be
using with grep, anyway, AFAIK.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
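
An added example (not part of the original message): an in-process line search using POSIX regcomp/regexec, so the user-supplied pattern is only ever regex text and never reaches a shell. The function name `grep_count`, the 128-byte pattern limit and the sample data are assumptions made for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for the file the CGI would search. */
static const char *SAMPLE =
    "alpha beta\n"
    "gamma; rm -rf /tmp/x\n"
    "delta alpha\n";

/* Count the lines of `text` that match the POSIX extended regex `pattern`.
 * Returns -1 if the pattern is too long or does not compile (fail closed).
 * Lines longer than the buffer are truncated before matching. */
int grep_count(const char *pattern, const char *text)
{
    regex_t re;
    int hits = 0;
    char line[256];

    if (strlen(pattern) > 128)              /* bound untrusted input (assumed limit) */
        return -1;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;                          /* malformed pattern is rejected */

    while (*text) {
        size_t n = strcspn(text, "\n");     /* length of the current line */
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, text, c);
        line[c] = '\0';
        if (regexec(&re, line, 0, NULL, 0) == 0)
            hits++;
        text += n;
        if (*text == '\n')
            text++;
    }
    regfree(&re);
    return hits;
}

int main(void)
{
    /* Shell metacharacters are matched literally; nothing is executed. */
    printf("%d\n", grep_count("alpha", SAMPLE));
    printf("%d\n", grep_count("; rm -rf", SAMPLE));
    printf("%d\n", grep_count("(unclosed", SAMPLE));
    return 0;
}
```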

