Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
freem
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Openai/6911cc4b-5d54-800b-88ae-dc7ac6ff2d3d
(section)
Add languages
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Special pages
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==== - 不要使用 </code>popen()<code>/</code>system()<code> 来执行包含不可信输入的命令,因为 popen() 也会调用 shell(/bin/sh -c)。 ==== * 若必须调用 shell(例如需要 shell 特性),对用户输入做白名单校验或严格转义(非常困难且容易出错)。白名单优先:只允许预定义的命令或允许的文件名集合。 * 使用 </code>posix_spawn()` 作为 fork+exec 的更高效替代(在某些平台上更适合)。 * 避免信任环境变量(PATH 问题):如果确实要 exec 可执行文件,最好用绝对路径 /usr/bin/ls,或显式设置 env。 * 最小化权限:以最低必要权限运行可执行文件,使用 chroot、selinux、capabilities 等进一步降低风险。 * 输入校验:对于“应允许的”输入形式(数字、特定文件名格式),使用正则或检查字符集,拒绝包含空格与 shell 元字符的输入。
Summary:
Please note that all contributions to freem are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 (see
Freem:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
