Re: [groff] address@hidden: Bug#920269: groff: gropdf can execute arbitr
From: Vincent Lefevre
Subject: Re: [groff] address@hidden: Bug#920269: groff: gropdf can execute arbitrary commands]
Date: Wed, 23 Jan 2019 15:53:13 +0100
User-agent: Mutt/1.11.2+89 (4e6744dc) vl-114617 (2019-01-18)
On 2019-01-23 13:56:04 +0000, Colin Watson wrote:
> I'm not quite sure of the circumstances in which an attacker (presumably
> the author of a document you've received) might be able to control the
> arguments to gropdf; but regardless, this does seem to be undesirable
> command-line handling and I think we should fix it.
Files can be downloaded from the web (potentially in archives),
and one doesn't also check the filenames, particularly when using
wildcards such as ./* or with find + xargs.
> Alternatively, perhaps we could just copy ARGV::readonly from CPAN into
> the start of all our Perl scripts? It's sufficiently small that it
> might not be worth getting too worked up about the code duplication:
>
>
> https://metacpan.org/source/DAVIDNICO/ARGV-readonly-0.01/lib/ARGV/readonly.pm
Yes. At the same time, in each case, decide what to do with "-",
i.e. whether it should be regarded as a filename or as stdin (the
latter is common, standard for some utilities, and may be regarded
as convenient, and should be documented if used).
--
Vincent Lefèvre <address@hidden> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
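
One way to apply the advice in this message, as an added example that is not part of the original thread, of groff, or of ARGV::readonly: a Perl input loop that opens every argument with three-argument open() and makes the "-" decision explicit. The names `open_literal`, `read_args` and `$DASH_IS_STDIN` are hypothetical, and the file names are constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Assumed policy switch (hypothetical name): decide per tool whether "-"
# means stdin, and document the choice. 0 = "-" is an ordinary file name.
my $DASH_IS_STDIN = 0;

# Open one argument for reading. Three-argument open() takes the name
# literally, so "<", ">", "|" and surrounding whitespace are never parsed
# as an open mode and no command is ever started.
sub open_literal {
    my ($name) = @_;
    if ($name eq '-' && $DASH_IS_STDIN) {
        open(my $in, '<&', \*STDIN) or die "cannot dup stdin: $!\n";
        return $in;
    }
    open(my $fh, '<', $name) or die "cannot open '$name': $!\n";
    return $fh;
}

# Drop-in replacement for a `while (<>)` loop over @ARGV.
sub read_args {
    my @lines;
    for my $name (@_) {
        my $fh = open_literal($name);
        push @lines, <$fh>;
        close $fh;
    }
    return @lines;
}

# Constructed sample input: file names that a shell wildcard such as ./*
# could hand to a script, created in a scratch directory.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!\n";
my @names = ('plain.txt', 'echo hi |', ' padded ', '>out', '-');
for my $name (@names) {
    open(my $out, '>', $name) or die "cannot create '$name': $!\n";
    print {$out} "contents of [$name]\n";
    close $out;
}

# Each name is read as a file; none is run as a command or treated as stdin.
print for read_args(@names);
chdir '/';    # leave the scratch directory so cleanup can remove it
```

With `$DASH_IS_STDIN` set to 1, only the exact argument "-" switches to stdin; a file called "-" can still be read by passing it as "./-".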