Re: Bug#88055: security hole in joe
On Wed, Feb 28, 2001 at 03:20:39PM -0800, Joey Hess wrote:
> Package: joe
> Version: 2.8-18
> Severity: grave
>
> joey@kite:/tmp>echo "this is not a valid .joerc, I'll bet!" > .joerc
> joey@kite:/tmp>joe foo
> Processing '.joerc'...
> .joerc 1: No context selected for macro to key-sequence binding
> done
> There were errors in '.joerc'. Use it anyway?n
> Processing '/etc/joe/joerc'...done
Funny how the first attempt of me reproducing this, with a valid command,
caused this:
[joy@pork:/tmp]% echo '-help' > .joerc
[joy@pork:/tmp]% joe foo
Processing '.joerc'...done
zsh: segmentation fault (core dumped) joe foo
I wonder what's the best fix for this bug... check ownership of ./.joerc
file before trying to read it? Not read it at all?
(I'm not currently subscribed to BUGTRAQ)
--
Digital Electronic Being Intended for Assassination and Nullification
Reply to: