• BB_C@programming.dev
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    7 months ago

    Were there actually any real-world use-cases affected by this? Do any of them not deserve to be named and shamed irregardless of this vulnerability?

    If it was up to me, I would nuke the cmd custom implementation, leave some helpful compile error messages behind, and direct users to some 3rd party crates to choose from.

    • BatmanAoD@programming.dev
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      7 months ago

      What custom implementation? The escaping logic?

      Edit: to be clear, there is no “custom implementation” of cmd itself, nor is the problem exclusive to Rust. This is a problem with the Windows cmd itself.