gronod/lfs
1
0
Fork 0
mirror of https://git.linuxfromscratch.org/lfs.git synced 2025-06-29 00:29:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

clarified the vulnerability with bzgrep

Browse Source 
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@6705 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
This commit is contained in:
Ken Moffat 2005-08-18 16:38:11 +00:00
parent 50125deceb
commit 4c2d97d817
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
chapter06/bzip2.xml
View File

@ -36,8 +36,10 @@ GCC, Glibc, and Make</seg></seglistitem>
<screen><userinput>patch -Np1 -i ../&bzip2-docs-patch;</userinput></screen>
<para><command>Bzgrep</command> fails to sufficiently sanitise filenames passed
to it. Apply the following to address this:</para>
<para><command>Bzgrep</command> does not escape '|' and '&amp;' in filenames passed
to it. This allows arbitrary commands to be executed with the privileges of the
user running <command>bzgrep</command>. Apply the following to address this:
</para>
<screen><userinput>patch -Np1 -i ../&bzip2-bzgrep-patch;</userinput></screen>