PHP is the new C
Posted Oct 6, 2006 9:04 UTC (Fri) by dark
In reply to: PHP is the new C
Parent article: Report: Vulnerability type distributions in CVE
It's often annoyed me that scripting languages tend to provide an insecure interface to system() by default, and you have to jump through all sorts of hoops to get access to fork/exec, if you can do it at all. All I'm asking for is something similar to system() that takes an array of arguments and bypasses the shell. Giving programmers easy access to that would avoid a huge number of vulnerabilities.
to post comments)