commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: svn commit: r1003770 - in /commons/proper/daemon/trunk: RELEASE-NOTES.txt src/native/windows/src/service.c
Date Sat, 02 Oct 2010 14:14:21 GMT
On 2 October 2010 15:06, Mladen Turk <mturk@apache.org> wrote:
> On 10/02/2010 03:16 PM, sebb wrote:
>>
>> Not sure that is entirely safe?
>> AFAICT, the service name can now contain arbitrary non-alphanumeric
>> characters, including control chars.
>> For example, I don't think it's wise to allow>  <  or | - and there are
>> probably others.
>>
>
> All correct, but this is according to the MSDN:
> 256 chars except '/' and '\\' (path separators)
> We add space cause we need that in service name from the process name
> guessing. If anything is about to fail, then the Win API call will fail
> and we'll log the reason.

Yes, but AFAIK we don't just use the value as the service name.
I think we need to be sure that the value cannot 'escape' into other
uses which might cause problems, e.g. interpretation of shell
meta-characters.

>
> Regards
> --
> ^TM
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message