Re: deb vfs security issue (CAN-2004-0494)
- From: Leonard den Ottolander <leonard den ottolander nl>
- To: MC Devel <mc-devel gnome org>
- Subject: Re: deb vfs security issue (CAN-2004-0494)
- Date: Thu, 19 Aug 2004 16:46:12 +0200
Hi Roland,
On Thu, 2004-08-19 at 11:18, Roland Illig wrote:
> > + local($archivename) = map(s/([^\w\/.+-])/\\$1/g, @_);
>
> I would rather write
>
> my ($archivename) = map { s/([^\w\/.+-])/\\$1/g } @_;
That would render the attached deb.in.diff.
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
--- deb.in.000 2004-08-17 22:57:09.000000000 +0200
+++ deb.in 2004-08-19 03:47:39.000000000 +0200
@@ -25,7 +25,7 @@ sub mcdebfs_list
# CAVEAT: Hard links are listed as if they were symlinks
# Empty directories do not appear at all
#
- local($archivename)= _;
+ local($archivename) = map { s/([^\w\/.+-])/\\$1/g } @_;
chop($date=`LC_ALL=C date "+%b %d %Y %H:%M"`);
chop($info_size=`dpkg -I $archivename | wc -c`);
$install_size=length($pressinstall);
@@ -108,7 +108,7 @@ sub mcdebfs_list
sub mcdebfs_copyout
{
- local($archive,$filename,$destfile)= _;
+ local($archive, $filename, $destfile) = map { s/([^\w\/.+-])/\\$1/g } @_;
if($filename eq "INFO")
{
@@ -141,7 +141,7 @@ sub mcdebfs_copyout
sub mcdebfs_run
{
- local($archive,$filename)= _;
+ local($archive,$filename) = @_;
if($filename eq "INSTALL")
{
print "Installing $archive\n";
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]