Last change on this file since f71c005 was 69cde8d, checked in by Jim Gifford <clfs@…>, 18 years ago

Added: All patches needed for the book.

- Property mode set to 100644

File size: 1.2 KB
Rev | Line | |
---|
[69cde8d] | 1 | Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net> |
---|
| 2 | Date: 2005-08-09 |
---|
| 3 | Initial Package Version: 1.0.3 |
---|
| 4 | Upstream Status: Unknown. |
---|
| 5 | Origin: Jyri Ryska (RedHat) for fedora3 |
---|
| 6 | Description: Fixes filename sanitisation in bzgrep. |
---|
| 7 | This fixes CAN-2005-0758 (if a user can be tricked into running |
---|
| 8 | bzgrep in an untrusted directory containing files with carefully |
---|
| 9 | crafted filenames, arbitrary commands could be executed as the user |
---|
| 10 | running bzgrep). Risk is reported as low. I've modified it to force |
---|
| 11 | the interpreter to be bash, some of the other shells in use won't |
---|
| 12 | like the bash syntax. |
---|
| 13 | |
---|
| 14 | diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep |
---|
| 15 | --- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100 |
---|
| 16 | +++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100 |
---|
| 17 | @@ -1,4 +1,4 @@ |
---|
| 18 | -#!/bin/sh |
---|
| 19 | +#!/bin/bash |
---|
| 20 | |
---|
| 21 | # Bzgrep wrapped for bzip2, |
---|
| 22 | # adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux. |
---|
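Review bot: the shebang change to `#!/bin/bash` makes bzgrep depend on bash being installed at that exact path, only so that the `${var//pat/repl}` expansions in the later hunk will parse. The same escaping can be done in POSIX sh, which would let line 1 stay `#!/bin/sh`, for example `j=$(printf '%s' "$i" | sed 's/[\\|&]/\\&/g' | tr '\n' ' ')`. If bash is kept, the header comment block should say that the script now requires it.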
| 23 | @@ -63,7 +63,11 @@ |
---|
| 24 | bzip2 -cdfq "$i" | $grep $opt "$pat" |
---|
| 25 | r=$? |
---|
| 26 | else |
---|
| 27 | - bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|" |
---|
| 28 | + j=${i//\\/\\\\} |
---|
| 29 | + j=${j//|/\\|} |
---|
| 30 | + j=${j//&/\\&} |
---|
| 31 | + j=`printf "%s" "$j" | tr '\n' ' '` |
---|
| 32 | + bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|" |
---|
| 33 | r=$? |
---|
| 34 | fi |
---|
| 35 | test "$r" -ne 0 && res="$r" |
---|
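Review bot: the four `j=` lines in the else branch need a comment naming the characters they neutralise for the `sed "s|^|${j}:|"` replacement (backslash, the `|` delimiter, `&`, newline) and stating that the backslash substitution must stay first; if `j=${i//\\/\\\\}` ran after the `|` or `&` lines it would double the backslashes those lines had just inserted. Since the script now requires bash, the `printf "%s" "$j" | tr '\n' ' '` subshell could also be written as the expansion `j=${j//$'\n'/ }`. Separately, `r=$?` on the context line after the pipeline still records the exit status of sed, the last command in the pipeline, not of `$grep`, so this branch normally yields 0 even when nothing matched; with bash in force, `${PIPESTATUS[1]}` would give grep's status.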