Bug#924792: pidof: unsanitized user input makes pidof crash

KatolaZ katolaz at freaknet.org
Tue Mar 19 06:09:56 GMT 2019

On Mon, Mar 18, 2019 at 05:10:36PM -0300, Jesse Smith wrote:
> I have been playing around with this a little and believe I have come up
> with a workable solution. The attached patch causes the passed in format
> string to be dumbed down so that we only translate instances of %d into
> the PID and \n into newline characters. Everything else is treated as a
> literal part of the string.
> This effectively should neutralize any use of %s %c %f etc to cause a
> segfault or dump memory. (Hopefully.)

Now just my2cents: if the only thing the flag does is accepting '%d'
and '\n', logic would suggest that the flag is not particularly
useful, since this kind of formatting can (and should) be done
downstream, by sed/awk/whatever. Adding 40 lines of code just to check
that the user has asked pidof to print a PID as an integer looks like
an unneeded convolution to me.

Sorry for the noise, but I think unix is much better than that :\



[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]

More information about the Debian-init-diversity mailing list