There are some places in biultin editor, where systen() is called with unchecked user input. For example pipe_mail(), edit_sort_cmd() and edit_block_process_cmd() in edit/editcmd.c, but user input is not checked. It will be nice to use mc_doubleopen() there to prevent possible security and data loss issue there. -- Regards, Andrew V. Samoilov.