On Dec 6, 2012 10:08 AM, "Rena" <firstname.lastname@example.org> wrote:
> (It's also not secure at all; consider dirname="x;rm -rf /")
Yes, good old shell injection. That's why os.execute is very unsafe; one should use a library that has the API for filesystem stuff (luaposix? lfs?).
BTW, one must also --no-preserve-root these dreaded days... =/