Displaying 2 results from an estimated 2 matches for "sys_tempdir".
2023 Feb 16
2
Robustifying R_CleanTempDir a bit more
...e:
> Hello,
>
> This is probably a very minor point, but R_CleanTempDir may still have
> a shell injection in it. I couldn't find a way to shoot the user in the
> foot in a significant way (by, say, accidentally removing ~), thanks to
> R disallowing spaces in the path, but if Sys_TempDir somehow acquires a
> value of "/tmp/';echo;'", R_CleanTempDir() will remove /tmp instead of
> its aptly-named subdirectory.
Please see 83851 from earlier today which does a bit more of
robustification, and if you find any problem in it, please let me know.
> While adding...
2023 Feb 16
1
Robustifying R_CleanTempDir a bit more
Hello,
This is probably a very minor point, but R_CleanTempDir may still have
a shell injection in it. I couldn't find a way to shoot the user in the
foot in a significant way (by, say, accidentally removing ~), thanks to
R disallowing spaces in the path, but if Sys_TempDir somehow acquires a
value of "/tmp/';echo;'", R_CleanTempDir() will remove /tmp instead of
its aptly-named subdirectory.
While adding the single-quote symbol to the list of special symbols
should suffice (it and the backslash being the only allowed ways to
"un-quote" a s...