Bug#924792: pidof: unsanitized user input makes pidof crash
Jesse Smith
jsmith at resonatingmedia.com
Mon Mar 18 18:52:07 GMT 2019

> Wouldn't you need to have some process which was passing untrusted data
> directly to the `-f` argument, is that likely in the real world?

It may not be likely, but anything that makes a command line tool crash
or output weird data after being fed unfiltered command line input is
not a good situation. I could see a situation where this might be
exploited in a script to give bad results or kill the wrong process. So
it's probably low risk, but I'd like to reduce that risk further.