author: Burdette Lamar <BurdetteLamar@Yahoo.com> 2022-02-18 06:46:04 -0600
committer: GitHub <noreply@github.com> 2022-02-18 06:46:04 -0600
commit: e9a2b30744a62268c66d6c17730ed96486d9783c
tree: fb36036ef21bdfc71104a527766a692f8a834b65 /process.c
parent: 542a38f619bea9fa7aa5a6be1449fc5f9b4d01e9
Enhanced RDoc concerning command injection (#5537)
Clarifies security vulnerabilities for commands. Treats: Kernel.system, Kernel.` (backtick), IO.popen, IO.read, IO.write, IO.binread, IO.binwrite, IO.readlines, IO.foreach
Diffstat (limited to 'process.c')
-rw-r--r-- process.c 3
1 files changed, 3 insertions, 0 deletions
diff --git a/process.c b/process.c
index 8eee6f772a..4011aa569f 100644
--- a/process.c
+++ b/process.c
@@ -4755,6 +4755,9 @@ rb_spawn(int argc, const VALUE *argv)
* Executes _command..._ in a subshell.
* _command..._ is one of following forms.
*
+ * This method has potential security vulnerabilities if called with untrusted input;
+ * see {Command Injection}[command_injection.rdoc].
+ *
* [<code>commandline</code>]
* command line string which is passed to the standard shell
* [<code>cmdname, arg1, ...</code>]
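Review bot: The added warning sits above the list of call forms and does not say which form carries the risk. The `commandline` entry immediately below is the one described as "passed to the standard shell", so the note would be more useful if it named that form, for example "if a commandline string is built from untrusted input, it is interpreted by the shell; see {Command Injection}[command_injection.rdoc]". It is also worth confirming that the relative link `command_injection.rdoc` resolves from this method's rendered page, since the target file is not part of the process.c diff shown here.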