Bug#924792: pidof: unsanitized user input makes pidof crash

Matteo Croce apu at teknoraver.net
Sun Mar 17 18:06:31 GMT 2019

Package: sysvinit-utils
Version: 2.93-8
Severity: normal

Dear Maintainer,

#571590 added the '-f' argument to pidof, which allows to specify an
arbitrary format string for the PIDs.
Unfortunately this is broken, because passing plain user input to
printf() can easily exploited:

$ pidof -f "$(perl -e 'print "%016llx\n"x256')" pidof

$ pidof -f %s pidof
Segmentation fault

Matteo Croce
per aspera ad upstream

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.0-apu (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sysvinit-utils depends on:
ii  init-system-helpers  1.56+nmu1
ii  libc6                2.28-8
ii  util-linux           2.33.1-0.1

sysvinit-utils recommends no packages.

sysvinit-utils suggests no packages.

-- no debconf information

More information about the Debian-init-diversity mailing list