Bug#924792: pidof: unsanitized user input makes pidof crash

Jesse Smith jsmith at resonatingmedia.com
Mon Mar 18 18:52:07 GMT 2019

> Wouldn't you need to have some process which was passing untrusted data
> directly to the `-f` argument, is that likely in the real world?

It may not be likely, but anything that makes a command line tool crash
or output weird data after being fed unfiltered command line input is
not a good situation. I could see a situation where this might be
exploited in a script to give bad results or kill the wrong process. So
it's probably low risk, but I'd like to reduce that risk further.

More information about the Debian-init-diversity mailing list