[MPlayer-dev-eng] unrarlib still broken on 64bit

Piotr Kaczuba pepe at attika.ath.cx
Thu Jul 5 23:07:36 CEST 2007


On 2007-07-05 22:40, Guillaume POIRIER wrote:
> Doesn't that imply using system() syscall, opening up all kinds of
> security breaches?
> 
> I'm no security expert. I just read several times that system() was
> dangerous if used carelessly.

Fork() and exec() should do as well. That way we would avoid spawning a 
shell and there shouldn't be any security risks. It's not as elegant as 
doing it with a call to a library function but this is not always 
possible because of license issues (see libunrar for example).

Piotr




More information about the MPlayer-dev-eng mailing list