r6700 - in trunk/BOOK: . chapter01 chapter03 chapter06
ken at linuxfromscratch.org
Thu Aug 18 09:03:06 PDT 2005
On Thu, 18 Aug 2005, Randy McMurchy wrote:
> ken at linuxfromscratch.org wrote these words on 08/18/05 10:35 CST:
> > Log:
> > Added bzgrep security patch
> > +<para><command>Bzgrep</command> fails to sufficiently sanitise filenames passed
> > +to it. Apply the following to address this:</para>
> What is the chance this could be reworded so that it means something
> to folks not familiar with the bug? 'fails to sufficiently sanitise
> filenames' is meaningless to me.
How about "does not escape '|' and '&' in filenames passed to it.
This allows arbitrary commands to be executed with the privileges of the
user running bzgrep" ?
Guess I've been looking at way too many vulnerability reports, I'm
starting to understand some of the terminology.
once as tragedy, the other time as farce
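An added example, not code from the LFS book or from the bzgrep patch itself: a POSIX sh quoting routine that keeps '|', '&' and an embedded single quote literal when a filename is spliced into a command string that is later handed to eval, which is the failure mode Ken describes above. The `bzgrep_cmd` pipeline shape and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the LFS book or the bzgrep patch). A filename that
# is spliced into a command string and then eval'd must be quoted, otherwise
# shell metacharacters in the name ('|', '&', ';', ...) become syntax.

# quote_arg: wrap ARG in single quotes, rewriting each embedded single quote
# as '\'' so the result is one literal word after eval. Pure parameter
# expansion is used to avoid a second layer of sed/awk escaping.
quote_arg() {
    s=$1
    out=
    while :; do
        case $s in
        *\'*)
            out="$out${s%%\'*}'\\''"   # text before the quote, then '\''
            s=${s#*\'}                   # drop through the quote
            ;;
        *)
            out="$out$s"
            break
            ;;
        esac
    done
    printf "'%s'" "$out"
}

# roundtrip: pass NAME through eval as a single quoted word and print it back.
# With correct quoting 'a|b&c' is printed as-is instead of being parsed as a
# pipe and a background job.
roundtrip() {
    eval "printf '%s' $(quote_arg "$1")"
}

# bzgrep_cmd: build the command string a bzgrep-like wrapper would eval
# (assumed shape: decompress to stdout, pipe into grep). Both the pattern
# and the filename are quoted before they are interpolated.
bzgrep_cmd() {
    printf 'bzip2 -dc %s | grep %s' "$(quote_arg "$2")" "$(quote_arg "$1")"
}
```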