function "ls"
Sylvestre Ledru
sylvestre.ledru at inria.fr
Fri Feb 8 10:16:27 CET 2008
Hi,
I am thinking about changing the behaviour of the function ls
http://www.scilab.org/product/man/index.php?module=fileio&page=ls.htm
I would like to remove the second input argument for a few reasons:
* security issues. This simple example shows how weak it is :
ls("*.sci","`echo hacked >/tmp/hmhm`")
* Compatiblity and portability. A user working under Linux and using
tricks on this function won't have the same result under proprietary
operating systems.
* We are too closely related to the ls behaviour on the platform
* The code could be directly pluged to the listfiles and therefore
facilitate the maintenance (It is already the case under Windows).
Any objections ?
Sylvestre
More information about the dev
mailing list