author | Burdette Lamar <BurdetteLamar@Yahoo.com> | 2022-02-18 06:46:04 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-18 06:46:04 -0600 |
commit | e9a2b30744a62268c66d6c17730ed96486d9783c (patch) | |
tree | fb36036ef21bdfc71104a527766a692f8a834b65 /process.c | |
parent | 542a38f619bea9fa7aa5a6be1449fc5f9b4d01e9 (diff) |
Enhanced RDoc concerning command injection (#5537)
Clarifies security vulnerabilities for commands.
Treats:
Kernel.system
Kernel.` (backtick)
IO.popen
IO.read
IO.write
IO.binread
IO.binwrite
IO.readlines
IO.foreach
Notes:
Merged-By: BurdetteLamar <BurdetteLamar@Yahoo.com>
Diffstat (limited to 'process.c')
-rw-r--r-- | process.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -4755,6 +4755,9 @@ rb_spawn(int argc, const VALUE *argv) * Executes _command..._ in a subshell. * _command..._ is one of following forms. * + * This method has potential security vulnerabilities if called with untrusted input; + * see {Command Injection}[command_injection.rdoc]. + * * [<code>commandline</code>] * command line string which is passed to the standard shell * [<code>cmdname, arg1, ...</code>] |
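Review bot: The added warning sits above the list of forms and does not say which form it concerns, although the `commandline` entry directly below it is the one documented as "passed to the standard shell". Consider naming that form in the warning, or adding a one-line pointer under the `[<code>commandline</code>]` entry, so a reader who jumps straight to the form they use still sees it. The phrase "potential security vulnerabilities" could also name the risk in the sentence itself (command injection), as the link text already does.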