Reply to post: Re: That's the unix way of doing things..

Server-jacking exploits for ImageMagick are so trivial, you'll scream

h4rm0ny

Re: That's the unix way of doing things..

>>"qrencode -t PNG -o - "${1:-Empty data!}" | display &"

>>Joining two applications without having to do anything special is part of how Unix stuff works.

We're talking about calling this from another program or a web script, so tell me why building your command line above is less "having to do anything special" than using an API like the following:

Imagick imageTool = new Imagick();

imageTool->grencode('png',outputFile);

Etc. Is building a command line and sending it to the shell inherently simpler? I think the opposite. It's certainly more prone to vulnerabilities, which was the OP's point.

Text is a terrible way of joining programs together.
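
An added example, not part of the original comment, contrasting the two approaches for the quoted qrencode call: a command line built as text and handed to a shell, versus an argument vector passed directly. A small Python child process stands in for the qrencode binary so the example runs without it (assumption), and the function names and the sample input are constructed for illustration.

```python
import shlex
import subprocess
import sys

# Stand-in for the qrencode binary (assumption, so the example runs without it):
# a child process that prints each argument it received on its own line.
ENCODER = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]

# Constructed sample input, as a web script might receive it from a form field.
SAMPLE = "hello $(echo INJECTED)"


def encode_via_shell(data):
    """Build the command line as text and let /bin/sh parse it."""
    prefix = " ".join(shlex.quote(part) for part in ENCODER)
    command = f'{prefix} -t PNG -o - "{data}"'  # data pasted between double quotes
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout.splitlines()


def encode_via_argv(data):
    """Pass the data as one element of an argument vector; no shell is involved."""
    # "--" ends option parsing in getopt-style tools, so data starting with "-"
    # is still treated as data.
    argv = ENCODER + ["-t", "PNG", "-o", "-", "--", data]
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout.splitlines()


if __name__ == "__main__":
    print("shell saw:", encode_via_shell(SAMPLE)[-1])
    print("argv saw: ", encode_via_argv(SAMPLE)[-1])
```

In the shell version the final argument arrives as `hello INJECTED`, because the shell ran the embedded command before the encoder started; in the argv version the encoder receives the string unchanged.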


Biting the hand that feeds IT © 1998–2021