From b8fb090c167ff500a8d702f612a42914d4f0bb03 Mon Sep 17 00:00:00 2001 From: james Date: Sat, 6 Sep 2008 09:42:17 +0000 Subject: 2.1_rc8 and earlier did implicit shell expansion on script arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example: client-connect "docc CLIENT-CONNECT" would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument. This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5 --- errlevel.h | 1 + 1 file changed, 1 insertion(+) (limited to 'errlevel.h') diff --git a/errlevel.h b/errlevel.h index 38480ef..95c8a30 100644 --- a/errlevel.h +++ b/errlevel.h @@ -75,6 +75,7 @@ #define D_CLOSE LOGLEV(2, 22, 0) /* show socket and TUN/TAP close */ #define D_SHOW_OCC_HASH LOGLEV(2, 23, 0) /* show MD5 hash of option compatibility string */ #define D_PROXY LOGLEV(2, 24, 0) /* show http proxy control packets */ +#define D_ARGV LOGLEV(2, 25, 0) /* show struct argv errors */ #define D_TLS_DEBUG_LOW LOGLEV(3, 20, 0) /* low frequency info from tls_session routines */ #define D_GREMLIN LOGLEV(3, 30, 0) /* show simulated outage info from gremlin module */ -- cgit