[Scilab-Dev] function "ls"

Pierre MARECHAL pierre.marechal at inria.fr
Fri Feb 8 10:30:28 CET 2008


I agree with you, unix() calls in .sci macros (of the Scilab distrib.) have 
to be prohibited.

Pierre



Sylvestre Ledru wrote:
> Hi,
>
> I am thinking about changing the behaviour of the function ls
> http://www.scilab.org/product/man/index.php?module=fileio&page=ls.htm
>
> I would like to remove the second input argument for a few reasons:
> * security issues. This simple example shows how weak it is:
>  ls("*.sci","`echo hacked >/tmp/hmhm`")
>
> * Compatibility and portability. A user working under Linux and using
> tricks on this function won't have the same result under proprietary
> operating systems.
>
> * We are too closely related to the ls behaviour on the platform
>
> * The code could be directly plugged to the listfiles and therefore
> facilitate the maintenance (It is already the case under Windows).
>
> Any objections ?
>
> Sylvestre
>
>   


-- 
===================================================
Pierre MARECHAL
INRIA - Centre de Recherche de Paris - Rocquencourt
Domaine de Voluceau - B.P. 105
78153 Le Chesnay Cedex
===================================================
Equipe-Projet Scilab
Bâtiment 1B - Bureau 008
Email : pierre.marechal at inria.fr
===================================================
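
Added example, not part of the original messages and not Scilab code: a Python model of the issue raised in the quoted message, comparing a listing function that splices an options string into a shell command with one that reads the directory in-process. The names `ls_via_shell`, `ls_native` and `demo` are hypothetical, the input is constructed, and a POSIX `sh` with `ls` is assumed.

```python
import fnmatch
import os
import subprocess
import tempfile


def ls_via_shell(pattern, options="", cwd="."):
    """Model of the two-argument design: options are spliced into a shell
    command line, so the shell expands them before ls ever runs."""
    cmd = "ls " + options + " " + pattern
    out = subprocess.run(cmd, shell=True, cwd=cwd, capture_output=True, text=True)
    return sorted(out.stdout.splitlines())


def ls_native(pattern, cwd="."):
    """Model of the proposed design: no options argument and no shell; the
    directory is read in-process and names are matched against the pattern."""
    return sorted(n for n in os.listdir(cwd) if fnmatch.fnmatch(n, pattern))


def demo():
    with tempfile.TemporaryDirectory() as d:
        for name in ("a.sci", "b.sci", "notes.txt"):
            open(os.path.join(d, name), "w").close()
        marker = os.path.join(d, "marker")
        # Constructed value with the same shape as the example in the thread,
        # redirected into the scratch directory instead of /tmp.
        hostile = "`echo ran > marker`"

        shell_listing = ls_via_shell("*.sci", hostile, cwd=d)
        shell_side_effect = os.path.exists(marker)
        if shell_side_effect:
            os.remove(marker)
        # With no options argument the only caller-controlled input is the
        # pattern, and it is treated purely as data.
        native_hostile = ls_native(hostile, cwd=d)
        native_listing = ls_native("*.sci", cwd=d)
        return {
            "shell_listing": shell_listing,
            "shell_side_effect": shell_side_effect,
            "native_listing": native_listing,
            "native_hostile": native_hostile,
            "native_side_effect": os.path.exists(marker),
        }


if __name__ == "__main__":
    print(demo())
```

Both functions return the same listing for `*.sci`; only the shell-based one creates the marker file, and the in-process version behaves identically on every platform because it never depends on the local `ls`.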
