Date: Tue, 18 Mar 2003 06:19:27 -0800 (PST) From: Tony Finch <fanf@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/usr.bin/uudecode uudecode.c Message-ID: <200303181419.h2IEJRR1010776@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
fanf 2003/03/18 06:19:27 PST
FreeBSD src repository
Modified files:
usr.bin/uudecode uudecode.c
Log:
The POSIXly-correct /dev/stdout handling added in rev 1.44 makes
careless users vulnerable to terminal control sequence attacks,
since they expect uudecode to just drop (or overwrite) a file in
the current directory. POSIX also says that the full pathname from
the input should be used when writing a file, which we only do if
the -s (shoot me in the foot) option is specified; therefore this
revision means that you now need to use -s for standard /dev/stdout
handling.
Revision Changes Path
1.48 +1 -1 src/usr.bin/uudecode/uudecode.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303181419.h2IEJRR1010776>