[MPlayer-dev-eng] unrarlib still broken on 64bit
Piotr Kaczuba
pepe at attika.ath.cx
Thu Jul 5 23:07:36 CEST 2007
On 2007-07-05 22:40, Guillaume POIRIER wrote:
> Doesn't that imply using system() syscall, opening up all kinds of
> security breaches?
>
> I'm no security expert. I just read several times that system() was
> dangerous if used carelessly.
Fork() and exec() should do as well. That way we would avoid spawning a
shell and there shouldn't be any security risks. It's not as elegant as
doing it with a call to a library function but this is not always
possible because of license issues (see libunrar for example).
Piotr
More information about the MPlayer-dev-eng
mailing list