Re: dircolors database documentation
From: Jim Meyering
Subject: Re: dircolors database documentation
Date: Tue, 18 Oct 2005 22:07:33 +0200

Paul Eggert <address@hidden> wrote:
> Thanks for catching all these problems.
>
> Eric Blake <address@hidden> writes:
>
>> Oops - we aren't properly quoting ' in dircolors' output. This should be
>> as simple as outputting '\'' in place of ' in append_quoted().
>
> That's a serious bug, no? It lets an attacker execute arbitrary code.
> Admittedly the attack is unlikely, but we should install something
> like the following fix right away. Jim, I assume we're still in a
> code-freeze now, so I won't install this, but it does look like a
> fairly safe fix....
Thanks to both of you. That does look like a safe fix.
Would you please commit it, along with a test case?
I expect to make only `safe' bug fixes this week, then I'll
release coreutils-5.92 and call it `stable'.
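
An added illustration of the quoting rule discussed in this thread (not part of the original message and not the coreutils code): a value placed inside single quotes for `sh` must have each embedded `'` emitted as `'\''`. The function names `quote_naive`, `quote_sh` and `sh_word_equals` are hypothetical, and the sample value `a'b` is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Naive form: wrap in single quotes and copy the bytes unchanged. */
static int quote_naive(const char *in, char *out, size_t n)
{
    int r = snprintf(out, n, "'%s'", in);
    return (r < 0 || (size_t)r >= n) ? -1 : r;
}

/* Hardened form: emit '\'' for each embedded single quote. */
static int quote_sh(const char *in, char *out, size_t n)
{
    size_t o = 0;
    if (n < 3) return -1;                     /* "''" plus NUL */
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > n) return -1;      /* keep room for ' and NUL */
        if (*in == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}

/* Read q as sh would read one word built from '...' segments and \' ;
   return 1 only if all of q is consumed and it decodes to want. */
static int sh_word_equals(const char *q, const char *want)
{
    char buf[256]; size_t o = 0;
    while (*q) {
        if (*q == '\'') {                     /* single-quoted segment */
            for (q++; *q && *q != '\''; q++) {
                if (o + 1 >= sizeof buf) return 0;
                buf[o++] = *q;
            }
            if (*q != '\'') return 0;         /* unterminated quote */
            q++;
        } else if (q[0] == '\\' && q[1] == '\'') {
            if (o + 1 >= sizeof buf) return 0;
            buf[o++] = '\''; q += 2;          /* escaped quote between segments */
        } else return 0;                      /* text landed outside the quotes */
    }
    buf[o] = '\0';
    return strcmp(buf, want) == 0;
}

int main(void)
{
    char a[64], b[64];
    const char *v = "a'b";                    /* constructed sample value */
    quote_naive(v, a, sizeof a); quote_sh(v, b, sizeof b);
    printf("naive:  %s -> %d\nquoted: %s -> %d\n",
           a, sh_word_equals(a, v), b, sh_word_equals(b, v));
    return 0;
}
```

The round-trip check in `sh_word_equals` is the kind of assertion a test case for this fix can make: the quoted output must decode to exactly the input value and nothing else.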