From owner-cvs-all@FreeBSD.ORG  Fri May  7 12:44:40 2004
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id DF91F16A4CE; Fri,  7 May 2004 12:44:40 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id BD91043D5A; Fri,  7 May 2004 12:44:40 -0700 (PDT)
	(envelope-from cjc@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id i47JieGe021331;
	Fri, 7 May 2004 12:44:40 -0700 (PDT)
	(envelope-from cjc@repoman.freebsd.org)
Received: (from cjc@localhost)
	by repoman.freebsd.org (8.12.10/8.12.10/Submit) id i47Jiehn021330;
	Fri, 7 May 2004 12:44:40 -0700 (PDT)
	(envelope-from cjc)
Message-Id: <200405071944.i47Jiehn021330@repoman.freebsd.org>
From: "Crist J. Clark" <cjc@FreeBSD.org>
Date: Fri, 7 May 2004 12:44:40 -0700 (PDT)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/usr.bin/ctags ctags.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2004 19:44:41 -0000

cjc         2004/05/07 12:44:40 PDT

  FreeBSD src repository

  Modified files:
    usr.bin/ctags        ctags.c 
  Log:
  It was pointed out[0] that ctags(1) uses some potentially dangerous
  system(3) calls where user-supplied data is used with no sanity
  checking. Since ctags(1) is not setuid and is not likely to be used
  in a privileged situation, this is not a big deal. However, the
  fix is relatively easy and less ugly than the current code, let's be
  safe. (I'm sure there are about 2^134 other system(3) calls like this
  out there.)
  
  [0] On freebsd-security by Roman Bogorodskiy <bogorodskiy@inbox.ru>
  with subject "ctags(1) command execution vulnerability."
  
  MFC after:      3 days
  
  Revision  Changes    Path
  1.19      +45 -16    src/usr.bin/ctags/ctags.c