On 08/23/11 10:54, Frédéric Heulin wrote:
> Hi,
>
> I am experiencing some problems with the wordexp function.
>
> I am working on a program whose purpose is to launch program on file patterns.
> To evaluate the list of files, I use the wordexp function,
> and to know when launched programs are over, I have attached a function
> ("childcatcher") to SIGCHLD signal.
It's probably not what you want to hear, but in my opinion the best
advice is to avoid the use of wordexp. It's an ugly beast. In order to
avoid duplicating functionality and bloating your process address space,
it execs a 'ksh' child to do the expansion. That expansion has many
issues with it, notably with security. The user writing the
configuration file you're parsing can cause your program to unwittingly
run other programs (using, for example, `` or $( ) in the file) with
your program's credentials. And since the file lines are passed as
arguments, any sensitive information the file contains will be broadcast
to other users via "ps."
And since it forks/execs/waits for each one of these results, it'll also
be really slow.
Years ago, I filed a bug with the summary "wordexp is slow and leaky" to
describe these sorts of problems. I don't have access to the bug
database anymore, but I don't think it's been addressed.
If all you want is file pattern matching, check out glob(3C) or
fnmatch(3C) or regexp(5).
Given the implementation, I think it's a little hard to imagine the
question to which wordexp(3C) would be a good answer.
--
James Carlson 42.703N 71.076W <carls...@workingcode.com>
_______________________________________________
opensolaris-code mailing list
opensolaris-code@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
