diff options
| author | Arnold D. Robbins <arnold@skeeve.com> | 2019-05-06 21:28:26 +0300 |
|---|---|---|
| committer | Arnold D. Robbins <arnold@skeeve.com> | 2019-05-06 21:28:26 +0300 |
| commit | 98c0e68100e8d41dee98750cc36b53dcf5ba76aa (patch) | |
| tree | b9e4b0ba83fe56b6131163ce478062e0d9e8c45e /doc/gawk.texi | |
| parent | 779ba383895f791a8437ecbcb602c8c633e12fc1 (diff) | |
| download | egawk-98c0e68100e8d41dee98750cc36b53dcf5ba76aa.tar.gz egawk-98c0e68100e8d41dee98750cc36b53dcf5ba76aa.tar.bz2 egawk-98c0e68100e8d41dee98750cc36b53dcf5ba76aa.zip | |
Improve sandbox mode.
Diffstat (limited to 'doc/gawk.texi')
| -rw-r--r-- | doc/gawk.texi | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/gawk.texi b/doc/gawk.texi index d56261b6..0844b80c 100644 --- a/doc/gawk.texi +++ b/doc/gawk.texi @@ -4271,10 +4271,13 @@ representation of the program. @cindex @option{-S} option @cindex @option{--sandbox} option @cindex sandbox mode +@cindex @code{ARGV} array Disable the @code{system()} function, input redirections with @code{getline}, output redirections with @code{print} and @code{printf}, and dynamic extensions. +Also, disallow adding filenames to @code{ARGV} that were +not there when @command{gawk} started running. This is particularly useful when you want to run @command{awk} scripts from questionable sources and need to make sure the scripts can't access your system (other than the specified input @value{DF}). @@ -39955,7 +39958,7 @@ Anders Wallin helped keep the VMS port going for several years. @item @cindex Gordon, Assaf -Assaf Gordon contributed the code to implement the +Assaf Gordon contributed the initial code to implement the @option{--sandbox} option. @item |