Hi Tomas, On Fri, Dec 28, 2018 at 12:53:00PM +0000, Tomas Bortoli wrote: > > By shell escaping I meant to escape all the special shell characters > within the input. That'd probably need additional dependencies or a neat > sanitizer function. > > But I was wrong, it's unnecessary as there's no shell interpreter there > but it's just using `execv` to get rsh/ssh running. > > I agree that preventing the injection of spaces will prevent the > injection of additional parameters and therefore the execution of > unexpected commands. > Thanks for the feedback and confirmation.
Regards, -Roberto -- Roberto C. Sánchez
