Bug#924792: pidof: unsanitized user input makes pidof crash
Matteo Croce
apu at teknoraver.net
Sun Mar 17 18:06:31 GMT 2019
Package: sysvinit-utils
Version: 2.93-8
Severity: normal
Dear Maintainer,
#571590 added the '-f' argument to pidof, which allows to specify an
arbitrary format string for the PIDs.
Unfortunately this is broken, because passing plain user input to
printf() can easily exploited:
$ pidof -f "$(perl -e 'print "%016llx\n"x256')" pidof
000000000000059d
0000000000000000
000000000000000f
0000558b3f9a5280
00007fd300000000
[...]
$ pidof -f %s pidof
Segmentation fault
Regards,
Matteo Croce
per aspera ad upstream
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.0.0-apu (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages sysvinit-utils depends on:
ii init-system-helpers 1.56+nmu1
ii libc6 2.28-8
ii util-linux 2.33.1-0.1
sysvinit-utils recommends no packages.
sysvinit-utils suggests no packages.
-- no debconf information
More information about the Debian-init-diversity
mailing list