Changeset 4c2d97d


Timestamp:
08/18/2005 04:38:11 PM (19 years ago)
Author:
Ken Moffat <ken@…>
Branches:
10.0, 10.0-rc1, 10.1, 10.1-rc1, 11.0, 11.0-rc1, 11.0-rc2, 11.0-rc3, 11.1, 11.1-rc1, 11.2, 11.2-rc1, 11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.5-systemd, 7.6, 7.6-systemd, 7.7, 7.7-systemd, 7.8, 7.8-systemd, 7.9, 7.9-systemd, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, arm, bdubbs/gcc13, ml-11.0, multilib, renodr/libudev-from-systemd, s6-init, trunk, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/lfs-next, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc
Children:
d3583ed
Parents:
50125de
Message:

clarified the vulnerability with bzgrep

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@6705 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689

File:
1 edited

  • chapter06/bzip2.xml

    r50125de r4c2d97d  
    3737<screen><userinput>patch -Np1 -i ../&bzip2-docs-patch;</userinput></screen>
    3838
    39 <para><command>Bzgrep</command> fails to sufficiently sanitise filenames passed
    40 to it. Apply the following to address this:</para>
     39<para><command>Bzgrep</command> does not escape '|' and '&amp;' in filenames passed
     40to it. This allows arbitrary commands to be executed with the privileges of the
     41user running <command>bzgrep</command>. Apply the following to address this:
     42</para>
    4143
    4244<screen><userinput>patch -Np1 -i ../&bzip2-bzgrep-patch;</userinput></screen>
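Review bot: The command name is inconsistent within the added paragraph: new line 39 has <command>Bzgrep</command> while new line 41 has <command>bzgrep</command>. Command names are case-sensitive, so use lowercase inside the <command> element in both places, rewording the opening if a sentence-initial capital is wanted. The '|' and '&amp;' characters on new line 39 would also be clearer wrapped in <literal> rather than plain quotes, and the closing </para> on new line 42 now sits on its own line where the removed text closed it inline after "this:".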