Skip to main content.
home | support | download

Back to List Archive

Re: Document Abstracting and SWISH-E -Reply

From: Steve van der Burg <steve.vanderburg(at)not-real.LHSC.ON.CA>
Date: Thu Sep 09 1999 - 17:48:45 GMT
Roy Tennant <rtennant@library.berkeley.edu> wrote:
> I added a link to Steve's work on the SWISH-E Third Part
> Scripts page at:
> http://sunsite.berkeley.edu/SWISH-E/Scripts/

Thanks, Roy.  For anybody who might have already grabbed
a copy of the code, please grab it again, because the CGI
program ("search") has just been changed a bit -- I replaced
the pipe-open with the much safer fork-open + exec that
bypasses any shell involvement and possible nasty exploits
that could result.
I was afraid that someone out there might turn off the
"clean_spec" code that was protecting against unexpected
shell expansion, and thus open a security hole.  The new
version is totally immune to such problems.

...Steve

--
Steve van der Burg
Technical Analyst, Information Services
London Health Sciences Centre
London, Ontario, Canada
Tel:  +1 519 685-8300 x 35559
Email: steve.vanderburg@lhsc.on.ca
Received on Thu Sep 9 10:43:30 1999