Thanks @antongolub, I didn't know. The libraries you mentioned seem cool. I would check them out. I didn't understand well why using child process like this is unsafe. Any article on that?
Ok, here's an RCE example)
Key tip: you need to understand the boundaries of the arguments and escape the characters that can violate them.
Thanks, now I get it. Passing user input in such commands can be dangerous. Similar to the way SQL injection attacks happen by ill-formatted arguments.
I would surely put some disclaimer on that.