lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Dec 6, 2012 10:08 AM, "Rena" <hyperhacker@gmail.com> wrote:
> (It's also not secure at all; consider dirname="x;rm -rf /")

Yes, good old shell injection. That's why os.execute is very unsafe; one should use a library that has the API for filesystem stuff (luaposix? lfs?).

BTW, one must also --no-preserve-root these dreaded days... =/