Date: Fri, 7 May 2004 12:44:40 -0700 (PDT) From: "Crist J. Clark" <cjc@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/usr.bin/ctags ctags.c Message-ID: <200405071944.i47Jiehn021330@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
cjc 2004/05/07 12:44:40 PDT
FreeBSD src repository
Modified files:
usr.bin/ctags ctags.c
Log:
It was pointed out[0] that ctags(1) uses some potentially dangerous
system(3) calls where user-supplied data is used with no sanity
checking. Since ctags(1) is not setuid and is not likely to be used
in a privileged situation, this is not a big deal. However, the
fix is relatively easy and less ugly than the current code, let's be
safe. (I'm sure there are about 2^134 other system(3) calls like this
out there.)
[0] On freebsd-security by Roman Bogorodskiy <bogorodskiy@inbox.ru>
with subject "ctags(1) command execution vulnerability."
MFC after: 3 days
Revision Changes Path
1.19 +45 -16 src/usr.bin/ctags/ctags.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405071944.i47Jiehn021330>