You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@lucy.apache.org by ma...@apache.org on 2006/10/28 04:39:12 UTC

svn commit: r468618 - /lucene/lucy/trunk/charmonizer/README

Author: marvin
Date: Fri Oct 27 19:39:12 2006
New Revision: 468618

URL: http://svn.apache.org/viewvc?view=rev&rev=468618
Log:
Add a security section to the README.

Modified:
    lucene/lucy/trunk/charmonizer/README

Modified: lucene/lucy/trunk/charmonizer/README
URL: http://svn.apache.org/viewvc/lucene/lucy/trunk/charmonizer/README?view=diff&rev=468618&r1=468617&r2=468618
==============================================================================
--- lucene/lucy/trunk/charmonizer/README (original)
+++ lucene/lucy/trunk/charmonizer/README Fri Oct 27 19:39:12 2006
@@ -18,7 +18,7 @@
         printf(config_fh, "/* Auto-generated file - do not edit!! */\n\n");
         
         /* set up Charmonizer */
-        chaz_init("darwin", "cc", "-I/usr/local/include");
+        chaz_init(config_fh, "darwin", "cc", "-I/usr/local/include");
         
         /* run desired Charmonizer modules */
         chaz_Integers_run(config_fh);
@@ -75,6 +75,12 @@
     These source files are run through the "metaquote" utility -- which
     transforms everything between paired METAQUOTE tags into concatenated
     string literals.  The result is hideous but valid C.
+
+SECURITY
+
+    Charmonizer expects that it will always be run with input from trusted users
+    only.  You should be careful about what strings you pass to chaz_init(),
+    since they will be used to concatenate commands invoked via system().
 
 COPYRIGHT AND LICENSE