octave-maintainers

Re: fopen is a forbidden command on mathcloud.se


From: CdeMills
Subject: Re: fopen is a forbidden command on mathcloud.se
Date: Tue, 3 Aug 2010 05:45:04 -0700 (PDT)

fopen() is a gateway to a lot of dirty tricks, like

filename="`cd / && rm -rf *`"
fopen(filename)

Due to the backticks in the string passed to fopen, what's inside the
backticks is evaluated, producing some output to stdout, which is then read
as stdin from the octave side. But evaluating the given command will result
in unwanted side effects :-) 

In many programming environments, using fopen from user-supplied data is
considered as a dangerous operation and avoided.

Regards

Pascal
-- 
View this message in context: 
http://octave.1599824.n4.nabble.com/fopen-is-a-forbidden-command-on-mathcloud-se-tp2311447p2311790.html
Sent from the Octave - Maintainers mailing list archive at Nabble.com.
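
Added example (not part of the original message, and not Octave's or mathcloud.se's own code): one way a hosted service could vet a user-supplied name before it reaches fopen, instead of forbidding fopen outright. The function name safe_fopen, the sandbox directory and the sample names are assumptions made for illustration.

```octave
% Added example: allowlist a user-supplied file name before calling fopen().
% safe_fopen and the sandbox layout are hypothetical, not Octave built-ins.
1;  % script-file marker so the function can be defined in the same file

function fid = safe_fopen (sandbox, name, mode)
  % Allowlist the mode: plain read, write or append only.
  if (! any (strcmp (mode, {"r", "w", "a"})))
    error ("safe_fopen: mode not allowed");
  endif
  % Allowlist the name: a bare basename of letters, digits, '_', '.' and '-'.
  % This rejects backticks, '$', spaces, path separators and leading dots.
  pat = '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$';
  if (! ischar (name) || isempty (regexp (name, pat, "once")))
    error ("safe_fopen: rejected file name");
  endif
  % Resolve the sandbox itself to a canonical absolute path.
  root = canonicalize_file_name (sandbox);
  if (isempty (root))
    error ("safe_fopen: sandbox directory does not exist");
  endif
  target = fullfile (root, name);
  % If the target already exists, resolve symlinks and confirm it is
  % still located under the sandbox root.
  resolved = canonicalize_file_name (target);
  if (! isempty (resolved) && ! strncmp (resolved, [root filesep], numel (root) + 1))
    error ("safe_fopen: path escapes the sandbox");
  endif
  [fid, msg] = fopen (target, mode);
  if (fid < 0)
    error ("safe_fopen: %s", msg);
  endif
endfunction

% Constructed sample inputs: one benign name, one with backticks, one traversal.
sandbox = tempname ();
mkdir (sandbox);
names = {"results.txt", "`id`", "../etc/passwd"};
for i = 1:numel (names)
  try
    fid = safe_fopen (sandbox, names{i}, "w");
    fclose (fid);
    printf ("accepted: %s\n", names{i});
  catch err
    printf ("rejected: %s (%s)\n", names{i}, err.message);
  end_try_catch
endfor
```

Only the first sample name is accepted; the other two fail the allowlist before any file operation is attempted.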

