Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.3: Use new say command for easy Terminal speech' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Use new say command for easy Terminal speech
Authored by: Anonymous on Nov 20, '03 03:06:52PM

This sounds like an exceptionally bad idea to me. A malicious user could just type in a quote, followed by &&, followed by any malicious command, and then another quote to match the one at the end. You REALLY don't want to give arbitrary users permission to execute shell commands on your system.



[ Reply to This | # ]
10.3: Use new say command for easy Terminal speech
Authored by: rbest on Nov 20, '03 07:28:47PM

Since what ever the user types is in quotes, what could the user type that would do anything other than speak the text.
Example: I tried to enter: hello " && open /Applications/Calculator.app
and nothing happened. Please, if I'm wrong and someone CAN do something malicious, please correct me.



[ Reply to This | # ]
10.3: Use new say command for easy Terminal speech
Authored by: ua on Nov 20, '03 09:54:00PM
Looks like:
"; rm -rf /
would be pretty bad.

[ Reply to This | # ]