Bug#924792: pidof: unsanitized user input makes pidof crash
KatolaZ
katolaz at freaknet.org
Tue Mar 19 06:09:56 GMT 2019
On Mon, Mar 18, 2019 at 05:10:36PM -0300, Jesse Smith wrote:
> I have been playing around with this a little and believe I have come up
> with a workable solution. The attached patch causes the passed in format
> string to be dumbed down so that we only translate instances of %d into
> the PID and \n into newline characters. Everything else is treated as a
> literal part of the string.
>
> This effectively should neutralize any use of %s %c %f etc to cause a
> segfault or dump memory. (Hopefully.)
Now just my2cents: if the only thing the flag does is accepting '%d'
and '\n', logic would suggest that the flag is not particularly
useful, since this kind of formatting can (and should) be done
downstream, by sed/awk/whatever. Adding 40 lines of code just to check
that the user has asked pidof to print a PID as an integer looks like
an unneeded convolution to me.
Sorry for the noise, but I think unix is much better than that :\
My2Cents
KatolaZ
--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
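
A sketch of the restricted expansion described in the quoted message, added here as an example; it is not the patch attached to the thread and not pidof's own code. The function name `render_pid_format`, the caller-supplied buffer, and reading `\n` as the two characters backslash and `n` are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not pidof's code): expand only "%d" into the PID and
 * the two-character sequence "\n" into a newline; every other byte, including
 * '%' followed by anything else, is copied literally.
 * Returns 0 on success, -1 if the output buffer is too small. */
int render_pid_format(const char *fmt, long pid, char *out, size_t outsz)
{
    size_t o = 0;

    if (outsz == 0)
        return -1;
    for (size_t i = 0; fmt[i] != '\0'; i++) {
        if (fmt[i] == '%' && fmt[i + 1] == 'd') {
            /* The only conversion ever performed uses a fixed format. */
            int n = snprintf(out + o, outsz - o, "%ld", pid);
            if (n < 0 || (size_t)n >= outsz - o)
                return -1;
            o += (size_t)n;
            i++;                      /* skip the 'd' */
        } else if (fmt[i] == '\\' && fmt[i + 1] == 'n') {
            if (o + 1 >= outsz)
                return -1;
            out[o++] = '\n';
            i++;                      /* skip the 'n' */
        } else {
            if (o + 1 >= outsz)
                return -1;
            out[o++] = fmt[i];        /* literal byte, never interpreted */
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    /* Constructed input using the conversions named in the thread. */
    if (render_pid_format("pid=%d %s %c %f\\n", 1234, buf, sizeof buf) == 0)
        fputs(buf, stdout);           /* emit as data, not as a format */
    return 0;
}
```

The user-supplied string is never handed to a printf-family function as the format argument, so `%s`, `%c` and `%f` come out as plain text.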