2011/3/27 Raj Mathur (राज माथुर) raju@linux-delhi.org:
> Both are unsafe. Consider the user who enters his username as (literally):
> Raj `rm -rf /`Mathur
Indeed. Good catch. I had checked for forward ticks which bash appeared to escape properly but only assumed backticks would be escaped similarly.
Binand
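
The failure mode discussed in this exchange, as an added example that is not part of the original thread. It assumes the username ends up inside a command string that a shell parses a second time (the scripts under discussion are not shown here); the function names are hypothetical, and a harmless `echo INJECTED` stands in for the command in the quoted username.

```shell
# Constructed input: same shape as the username in the thread, with a
# harmless marker command in place of the destructive one.
NAME='Raj `echo INJECTED`Mathur'

# Unsafe: the value is pasted into a string that a second shell parses.
# Double quotes do not stop backtick command substitution, so the
# embedded command runs.
greet_unsafe() {
    sh -c "printf '%s' \"Hello, $1\""
}

# Safe: the value travels as a positional argument. The command string is
# a constant and the username is only ever data.
greet_safe() {
    sh -c 'printf "%s" "Hello, $1"' sh "$1"
}

# Wrap a value in single quotes, rewriting each embedded ' as '\''.
# Inside single quotes neither backticks nor $ are special.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# For cases where a command string has to be built (assumption: something
# like a remote command line), quote the value before embedding it.
greet_quoted() {
    cmd="printf '%s' \"Hello, \"$(sh_quote "$1")"
    sh -c "$cmd"
}

printf 'unsafe: %s\n' "$(greet_unsafe "$NAME")"
printf 'safe:   %s\n' "$(greet_safe "$NAME")"
printf 'quoted: %s\n' "$(greet_quoted "$NAME")"
```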