2009-12-16

unix-c command line vulnerabilities

7.27: addm/command line vulnerabilities
. it was said that parsers should have minimal abilities,
because the C lang' allows buffer overruns that can then
run arbitrary code from within the parser's address space .
. notice that every C program can start by parsing a command line;
I wondered if this could be trouble .
pos:
. addx doesn't use that command line for anything;
everything happens through a config'file to start addx up;
then the addx command line uses etrees, not strings for param's .
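
The command-line concern raised above, as an added example (not addx code, and not from the original note): a small C argument parser that copies an argument into a fixed-size buffer only after checking its length. The option names `-v` and `-n`, the `opts` struct and the 32-byte limit are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 32            /* assumed buffer size for this example */

struct opts {
    char name[NAME_MAX_LEN];       /* fixed-size destination for an argv string */
    int  verbose;
};

/* argv strings have arbitrary, caller-chosen length. The unsafe form would be
 *     strcpy(o->name, arg);
 * which writes past o->name when arg is too long. Here the length is checked
 * first and an oversized argument is refused rather than silently truncated. */
static int set_name_checked(struct opts *o, const char *arg)
{
    size_t n = strlen(arg);
    if (n >= sizeof o->name)       /* no room for the bytes plus the NUL */
        return -1;
    memcpy(o->name, arg, n + 1);   /* n + 1 copies the terminating NUL too */
    return 0;
}

/* Returns 0 on success, -1 on an unknown, incomplete or oversized argument. */
int parse_args(int argc, char **argv, struct opts *o)
{
    memset(o, 0, sizeof *o);
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-v") == 0) {
            o->verbose = 1;
        } else if (strcmp(argv[i], "-n") == 0) {
            if (i + 1 >= argc)     /* "-n" given without its value */
                return -1;
            if (set_name_checked(o, argv[++i]) != 0)
                return -1;
        } else {
            return -1;             /* reject anything not explicitly known */
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    struct opts o;
    if (parse_args(argc, argv, &o) != 0) {
        fprintf(stderr, "usage: %s [-v] [-n name]\n", argc > 0 ? argv[0] : "prog");
        return 2;
    }
    printf("name=%s verbose=%d\n", o.name, o.verbose);
    return 0;
}
```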