Date:      Fri, 25 Jan 2002 18:40:02 -0800 (PST)
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/34270: man -k could be used to execute any command.
Message-ID:  <200201260240.g0Q2e2R99712@freefall.freebsd.org>

The following reply was made to PR misc/34270; it has been noted by GNATS.

From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Giorgos Keramidas <keramida@FreeBSD.ORG>
Cc: bug-followup@FreeBSD.ORG
Subject: Re: misc/34270: man -k could be used to execute any command.
Date: Fri, 25 Jan 2002 18:23:17 -0800

 On Fri, Jan 25, 2002 at 02:50:01PM -0800, Giorgos Keramidas wrote:
 > The following reply was made to PR misc/34270; it has been noted by GNATS.
 > 
 > From: Giorgos Keramidas <keramida@freebsd.org>
 > To: bug-followup@freebsd.org
 > Cc:  
 > Subject: Re: misc/34270: man -k could be used to execute any command.
 > Date: Sat, 26 Jan 2002 00:47:03 +0200
 > 
 >  On 2002-01-25 14:40:01, Giorgos Keramidas wrote:
 >  >  Can you try the attached patch?
 >  >  It seems to work for me.
 >  
 >  Although now that I think of it, all shell-metacharacters should be
 >  escaped in the system() string :-(
 
 This is not a security issue for a shell user,
 
   man -k 'echo "; id"'
   ng_echo(4) - netgraph echo node type
   ng_echo(8)               - netgraph echo node type
   uid=1001(cjc) gid=1001(cjc) groups=1001(cjc)
 
 Since they can only execute commands with their own privileges.
 
 But this is still not a Good Thing. system(3) bad. system(3) very,
 very bad. It should probably be turned into an execvp(2).
 -- 
 Crist J. Clark                     |     cjclark@alum.mit.edu
                                    |     cjclark@jhu.edu
 http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
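As an added example, not from the PR or from FreeBSD's man(1) source, the pattern the reply describes beside the execvp form it recommends; the apropos_via_system helper is hypothetical and never called, and the demo hands the mail's payload to echo(1) instead of apropos(1) so it runs anywhere:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Shape of the bug: the keyword is spliced into a command line for system(3),
 * i.e. sh -c, so shell metacharacters in it are interpreted. Contrast only. */
int apropos_via_system(const char *keyword)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "apropos %s", keyword);
    return system(cmd);
}
/* Hardened form: fork and execvp(3) an argv. No shell parses the keyword, so
 * the child gets it as one argument. Stdout captured into buf (assumed to
 * fit). Returns the child's exit status, or -1 on error. */
int run_argv_capture(char *const argv[], char *buf, size_t bufsz)
{
    int fds[2], status; size_t used = 0; ssize_t n;
    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {                 /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                 /* only reached if exec failed */
    }
    close(fds[1]);                  /* parent: drain the pipe, then reap */
    while (used + 1 < bufsz && (n = read(fds[0], buf + used, bufsz - 1 - used)) > 0)
        used += (size_t)n;
    buf[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* The mail's payload given to echo(1) instead of apropos(1): via execvp it
 * comes back verbatim and nothing after the ';' runs. Returns 1 on success. */
int demo_keyword_is_one_argument(void)
{
    char out[256];
    char *const argv[] = { "echo", "echo \"; id\"", NULL };
    return run_argv_capture(argv, out, sizeof out) == 0 && strcmp(out, "echo \"; id\"\n") == 0;
}
```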
