ctags(1) command execution vulnerability
Roman Bogorodskiy
bogorodskiy at inbox.ru
Fri May 7 07:19:13 PDT 2004
Crist wrote:
> As has been pointed out, the problem here is user supplied data to a system(3)
> call that we really cannot sanitize without filtering a lot of valid file names.
> The Right Thing is to get rid of system(3).
>
> This seems to work. Fixing the sort is trivial. Adding the regex checks to the
> program adds a little complexity, but not a lot. Anyone who actually uses
> ctags(1) want to try them out some more to see if they hold up?
Using fork() + execlp() instead of system() is a good idea. Your
solution works for me.
Will this fix be committed?
-Roman Bogorodskiy
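
The fork() + execlp() approach discussed above, as an added example that is not part of the original message, Crist's patch, or the ctags source. The names `sort_file_noshell` and `demo` are hypothetical, and the `sort -o` invocation is an assumption about what gets run.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the ctags source): sort `path` in place
 * without a shell. Returns sort's exit status, or -1 on failure. */
int sort_file_noshell(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        /* Each argument is its own argv[] entry, so nothing parses the
         * name for metacharacters. "--" ends option parsing, so a name
         * starting with '-' is still taken as a file operand. */
        execlp("sort", "sort", "-o", path, "--", path, (char *)NULL);
        _exit(127); /* reached only if exec failed */
    }
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed demo: a file name containing shell metacharacters is
 * handled as one literal path. Returns 0 if the file ends up sorted. */
int demo(void)
{
    char dir[] = "/tmp/noshellXXXXXX";
    char path[128], line[16] = "";
    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(path, sizeof path, "%s/tags; echo $HOME", dir);
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return 1;
    fputs("b\nc\na\n", f);
    fclose(f);
    int rc = sort_file_noshell(path);
    if ((f = fopen(path, "r")) != NULL) {
        if (fgets(line, sizeof line, f) == NULL)
            line[0] = '\0';
        fclose(f);
    }
    unlink(path);
    rmdir(dir);
    return (rc == 0 && line[0] == 'a') ? 0 : 1;
}

int main(void) { return demo(); }
```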