Bug#924792: pidof: unsanitized user input makes pidof crash
KatolaZ
katolaz at freaknet.org
Tue Mar 19 15:15:34 GMT 2019
On Tue, Mar 19, 2019 at 03:36:41PM +0100, Matteo Croce wrote:
> Hi all,
>
> I have an idea: implement an option to specify the default separator as
> in propcs-ng:
>
> https://gitlab.com/procps-ng/procps/commit/73492b182dc60c1605d1b0d62de651fad97807af
>
> $ pidof bash
> 17701 14019 5276 2967
>
> $ pidof -S, bash
> 17701,14019,5276,2967
>
> $ pidof -S'
> ' bash
> 17701
> 14019
> 5276
> 2967
>
> This should be enough to avoid extra calls to grep/sed/awk and
> impossible to exploit.
I would second this solution, provided that the allowed separator is
exactly one character. Either '-S' or '-F' would recall similar flags
in other tools, and would do the trick.
A possible patch is attached
HND
KatolaZ
-------------- next part --------------
A non-text attachment was scrubbed...
Name: field-separator.patch
Type: text/x-diff
Size: 3066 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/debian-init-diversity/attachments/20190319/68ca30ce/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://www.chiark.greenend.org.uk/pipermail/debian-init-diversity/attachments/20190319/68ca30ce/attachment.sig>
More information about the Debian-init-diversity
mailing list