by angry_octet
2339 days ago
It seems strange that people are blaming C for this. I see the real problem being that it is a unix pattern to use the shell to pass arguments to programs, even when that input is possibly malicious. Obviously doing this as root takes it from RCE to juggling with plutonium, but a non-confined non-root shell is pretty awful. The code seems to go out of its way to avoid using the system() call to shell out, but then does exactly what system() would do.
|
https://oxide.computer/blog/tags/podcast/
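The comment's point, that a hand-rolled `fork`/`exec` of `/bin/sh -c` is no safer than `system()` while passing argv directly is, shown as an added example (not code from the thread) with a constructed untrusted argument:

```python
import subprocess

# Constructed untrusted input: a "filename" that carries shell metacharacters.
UNTRUSTED_ARG = "report.txt'; echo INJECTED; echo '"


def run_via_system_like(arg: str) -> str:
    """Interpolate the argument into a command string and hand it to sh -c.

    This is exactly what system() does. Avoiding the system() call but then
    spawning /bin/sh -c yourself changes nothing: the shell re-parses the
    whole string, so quotes and ';' in the argument become new commands.
    """
    cmd = "echo '" + arg + "'"
    result = subprocess.run(["/bin/sh", "-c", cmd], capture_output=True, text=True)
    return result.stdout


def run_via_argv(arg: str) -> str:
    """Pass the argument as its own argv element, with no shell in between.

    The kernel hands argv to the program untouched, so the metacharacters
    are just bytes in one argument and nothing else gets executed.
    """
    result = subprocess.run(["/bin/echo", arg], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("sh -c  :", run_via_system_like(UNTRUSTED_ARG).splitlines())
    print("argv   :", run_via_argv(UNTRUSTED_ARG).splitlines())
```

The first call prints an extra `INJECTED` line; the second prints the argument verbatim.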