Board: FB_security
Title: Re: ctags(1) command execution vulnerability
Posted from: NCTU CSIE FreeBSD Server (Fri May 7 14:23:30 2004)
Relayed via: ptt!FreeBSD.csie.NCTU!not-for-mail
Crist wrote:
> As has been pointed out, the problem here is user supplied data to a system(3)
> call that we really cannot sanitize without filtering a lot of valid filenames.
> The Right Thing is to get rid of system(3).
>
> This seems to work. Fixing the sort is trivial. Adding the regex checks to the
> program adds a little complexity, but not a lot. Anyone who actually uses
> ctags(1) want to try them out some more to see if they hold up?
Using fork() + execlp() instead of system() is a good idea. Your
solution works for me.
Will this fix be committed?
-Roman Bogorodskiy