Date: Wed, 19 Jun 1996 03:40:41 -0600 (MDT)
From: Dave Andersen <angio@aros.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: misc/1335: /etc/security problem with odd filenames.
Message-ID: <199606190940.DAA16261@shell.aros.net>
Resent-Message-ID: <199606190950.CAA01422@freefall.freebsd.org>

>Number:         1335
>Category:       misc
>Synopsis:       /etc/security generates an error with files with spaces.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 19 02:50:01 PDT 1996
>Last-Modified:
>Originator:     Dave Andersen
>Organization:
ArosNet, Inc.
>Release:        FreeBSD 2.1-STABLE i386
>Environment:

	Nothing relevant.

>Description:

	When /etc/security does its find and xargs, it generates an
	error message when it stumbles upon files with spaces in the
	filename. The problem is different under -current.

	For a file named, alternately, 'A;mail angio < foo' (with quotes)
	and just A;mail angio < foo (no quotes), the security script
	generated this output. It doesn't appear to pose a security risk,
	the reason I noticed it in the first place.

	Stable:

	ls: /usr/home/angio/A;mail angio <foo: No such file or directory
	ls: /usr/home/angio/A;mail: No such file or directory

	Current:

	find: /usr/home/angio/A;mail angio < foo: illegal path
	find: /usr/home/angio/'A;mail angio <foo': illegal path

>How-To-Repeat:

	Create a file like the above named files, and make it setuid or
	setgid.

>Fix:

	Unknown.

>Audit-Trail:
>Unformatted:
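
The failure mode in the report can be reproduced in a scratch directory. The following is an added example, not part of the original message and not the actual /etc/security script: the find expression, the function names and the fixture are assumptions made for illustration. It contrasts piping find into xargs, which splits each path on blanks, with find's own `-exec ... {} +`, which hands each path to ls as a single argument.

```shell
#!/bin/sh
# Constructed fixture: one setuid file carrying the unquoted name from the
# report, created in a fresh temporary directory.
make_fixture() {
    dir=$(mktemp -d) || return 1
    : > "$dir/A;mail angio < foo" || return 1
    chmod 4755 "$dir/A;mail angio < foo" || return 1
    printf '%s\n' "$dir"
}

# Number of separate arguments xargs builds from ONE input line.
# xargs execs the command directly (no shell), so ';' and '<' stay literal,
# but blanks still act as argument separators.
fragment_count() {
    printf '%s\n' "$1" | xargs sh -c 'echo "$#"' sh
}

# Fragile pattern: find | xargs. ls receives path fragments that do not
# exist, so the setuid file never appears in the listing.
# Prints how many files ls managed to list.
count_fragile() {
    ( cd "$1" &&
      find . -type f \( -perm -4000 -o -perm -2000 \) -print |
          xargs ls -d 2>/dev/null | wc -l | tr -d ' ' )
}

# Robust pattern: find passes every path as exactly one argument.
count_safe() {
    ( cd "$1" &&
      find . -type f \( -perm -4000 -o -perm -2000 \) -exec ls -d {} + |
          wc -l | tr -d ' ' )
}

# Stand-alone run over the constructed fixture.
dir=$(make_fixture) || exit 1
echo "arguments xargs built from one name: $(fragment_count 'A;mail angio < foo')"
echo "setuid files listed via xargs:       $(count_fragile "$dir")"
echo "setuid files listed via -exec {} +:  $(count_safe "$dir")"
rm -rf "$dir"
```

The practical consequence for a nightly audit is that a setuid file with blanks in its name drops out of the listing and shows up only as an error line.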