[quake3-bugzilla] [Bug 4520] /sysexec, execute an external program
bugzilla-daemon at icculus.org
bugzilla-daemon at icculus.org
Fri Feb 4 09:50:37 EST 2011
https://bugzilla.icculus.org/show_bug.cgi?id=4520
--- Comment #2 from Thilo Schulz <arny at ats.s.bawue.de> 2011-02-04 09:50:34 EST ---
I'm sorry, I realize my initial response is a bit harsh, so I'll explain to you
why I said no:
I feel extremely uncomfortable adding any such command, because system() is
known to be unsafe. I am a bit afraid because the server has some power to
execute certain commands on the client. If there is a security hole in ioquake3
we don't know about yet, this command will open ioquake3 wide open for remote
exploitation.
--
Configure bugmail: https://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the quake3-bugzilla
mailing list