You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucy.apache.org by ma...@apache.org on 2006/10/28 04:39:12 UTC
svn commit: r468618 - /lucene/lucy/trunk/charmonizer/README
Author: marvin
Date: Fri Oct 27 19:39:12 2006
New Revision: 468618
URL: http://svn.apache.org/viewvc?view=rev&rev=468618
Log:
Add a security section to the README.
Modified:
lucene/lucy/trunk/charmonizer/README
Modified: lucene/lucy/trunk/charmonizer/README
URL: http://svn.apache.org/viewvc/lucene/lucy/trunk/charmonizer/README?view=diff&rev=468618&r1=468617&r2=468618
==============================================================================
--- lucene/lucy/trunk/charmonizer/README (original)
+++ lucene/lucy/trunk/charmonizer/README Fri Oct 27 19:39:12 2006
@@ -18,7 +18,7 @@
printf(config_fh, "/* Auto-generated file - do not edit!! */\n\n");
/* set up Charmonizer */
- chaz_init("darwin", "cc", "-I/usr/local/include");
+ chaz_init(config_fh, "darwin", "cc", "-I/usr/local/include");
/* run desired Charmonizer modules */
chaz_Integers_run(config_fh);
@@ -75,6 +75,12 @@
These source files are run through the "metaquote" utility -- which
transforms everything between paired METAQUOTE tags into concatenated
string literals. The result is hideous but valid C.
+
+SECURITY
+
+ Charmonizer expects that it will always be run with input from trusted users
+ only. You should be careful about what strings you pass to chaz_init(),
+ since they will be used to concatenate commands invoked via system().
COPYRIGHT AND LICENSE