 |
lua-l archive |
|
|
||
|
On Dec 6, 2012 10:08 AM, "Rena" <hyperhacker@gmail.com> wrote:
> (It's also not secure at all; consider dirname="x;rm -rf /")
Yes, good old shell injection. That's why os.execute is very unsafe; one should use a library that has the API for filesystem stuff (luaposix? lfs?).
BTW, one must also --no-preserve-root these dreaded days... =/