Re: deb vfs security issue (CAN-2004-0494)
- From: Jakub Jelinek <jakub redhat com>
- To: Leonard den Ottolander <leonard den ottolander nl>
- Cc: MC Devel <mc-devel gnome org>
- Subject: Re: deb vfs security issue (CAN-2004-0494)
- Date: Wed, 18 Aug 2004 17:22:09 +0200
On Wed, Aug 18, 2004 at 07:28:23PM +0200, Leonard den Ottolander wrote:
> Hi,
>
> On Wed, 2004-08-18 at 16:31, Leonard den Ottolander wrote:
> > I noticed this in Red Hat's bugzilla just now:
> > http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127973 .
>
> Attached is a patch that escapes all dangerous characters for function
> arguments. More specifically, everything not in A-Z, a-z, 0-9, _, /, .,
> - and +.
>
> Could somebody on a system with dpkg installed verify that things still
> work correctly after applying this patch? Thanks.
There are many other scripts which need similar treatment.
grep -l bin/perl /usr/share/mc/extfs/* | xargs grep open
shows a lot of (potential) problems, at least in a, apt, debd, mailfs,
patchfs, rpms and uzip.
Jakub
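
An added illustration of the escaping approach discussed in this thread; it is not the attached patch and not code from mc. The `quote` helper name and the sample file names are constructed for the example, which also shows the list form of `open`, where no shell parses the argument.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Backslash-escape every character outside the allow-list quoted in the
# thread: A-Z, a-z, 0-9, _, /, ., - and +. (Hypothetical helper name.)
sub quote {
    my ($arg) = @_;
    # In sh, backslash-newline is a line continuation, not a literal newline,
    # so such names cannot be represented by this scheme; refuse them.
    die "unsupported character in argument\n" if $arg =~ /[\n\0]/;
    $arg =~ s/([^A-Za-z0-9_\/.+\-])/\\$1/g;
    return $arg;
}

# Constructed sample names of the kind an archive listing may contain.
my @names = (
    'pool/main/hello_2.10-1.deb',
    'name with spaces.deb',
    'semi;colon$(x).deb',
    q{quote'and"dq.deb},
);

for my $name (@names) {
    my $quoted = quote($name);

    # String-form command: may be handed to /bin/sh, so the argument
    # has to be escaped before it is interpolated.
    my $via_shell = `printf %s $quoted`;

    # List-form pipe open: the program is executed directly, no shell
    # parses the argument, so it is passed unescaped.
    open(my $fh, '-|', 'printf', '%s', $name) or die "open: $!";
    my $via_list = do { local $/; <$fh> };
    close($fh);

    # Both routes should hand the program the original name unchanged.
    printf "%-32s shell:%s list:%s\n", $quoted,
        ($via_shell eq $name ? 'ok' : 'MISMATCH'),
        ($via_list  eq $name ? 'ok' : 'MISMATCH');
}
```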