[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-ed] "red" doesn't restrict like "ed -r"

From: Tim Chase
Subject: [Bug-ed] "red" doesn't restrict like "ed -r"
Date: Sat, 17 Jan 2015 16:33:31 -0600

To reproduce:

$ uname -a
Linux laptop 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64
$ red --version | head -1
GNU Ed 1.6
$ file `which red`
/usr/bin/red: symbolic link to `/bin/ed'
$ pwd
$ echo hello > edit_this.txt
$ red edit_this.txt
e /etc/passwd

Based on the documentation[1], "A restricted version of ed, red, can
only edit files in the current directory and cannot execute shell
commands" which is the same as "ed -r".  However, as best I can tell
from looking at the source[2], neither 1.10 nor 1.11rc1 has anything
in the source that looks for argv[0] being "red" rather than "ed" (and
thus "restricted_" doesn't get set accordingly, meaning that invoking
red(1) doesn't appear restrict file/shell access).

Invoking as "ed -r" appears to work without issues.


[1] http://www.gnu.org/software/ed/manual/ed_manual.html
[2] http://download.savannah.gnu.org/releases/ed/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]