source:
patches/bzip2-1.0.3-bzgrep_security-1.patch@
9eda04a
      
      | Last change on this file since 9eda04a was 69cde8d, checked in by , 20 years ago | |
|---|---|
| 
 | |
| File size: 1.2 KB | |
- 
      bzip2-1.0.Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net> Date: 2005-08-09 Initial Package Version: 1.0.3 Upstream Status: Unknown. Origin: Jyri Ryska (RedHat) for fedora3 Description: Fixes filename sanitisation in bzgrep. This fixes CAN-2005-0758 (if a user can be tricked into running bzgrep in an untrusted directory containing files with carefully crafted filenames, arbitrary commands could be executed as the user running bzgrep). Risk is reported as low. I've modified it to force the interpreter to be bash, some of the other shells in use won't like the bash syntax. diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep old new 1 #!/bin/ sh1 #!/bin/bash 2 2 3 3 # Bzgrep wrapped for bzip2, 4 4 # adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux. … … 63 63 bzip2 -cdfq "$i" | $grep $opt "$pat" 64 64 r=$? 65 65 else 66 bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|" 66 j=${i//\\/\\\\} 67 j=${j//|/\\|} 68 j=${j//&/\\&} 69 j=`printf "%s" "$j" | tr '\n' ' '` 70 bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|" 67 71 r=$? 68 72 fi 69 73 test "$r" -ne 0 && res="$r" 
  Note:
 See   TracBrowser
 for help on using the repository browser.
    
