Re: Bug#88055: security hole in joe

To: Josip Rodin <jrodin@public.srce.hr>
Cc: Joey Hess <joeyh@debian.org>, 88055@bugs.debian.org, debian-security@lists.debian.org
Subject: Re: Bug#88055: security hole in joe
From: Daniel Jacobowitz <dan@debian.org>
Date: Wed, 28 Feb 2001 21:22:37 -0500
Message-id: <20010228212237.A18150@nevyn.them.org>
In-reply-to: <20010301031314.A6825@jagor.srce.hr>; from jrodin@public.srce.hr on Thu, Mar 01, 2001 at 03:13:14AM +0100
References: <20010228152039.C5432@kitenet.net> <20010301031314.A6825@jagor.srce.hr>

On Thu, Mar 01, 2001 at 03:13:14AM +0100, Josip Rodin wrote:
> On Wed, Feb 28, 2001 at 03:20:39PM -0800, Joey Hess wrote:
> > Package: joe
> > Version: 2.8-18
> > Severity: grave
> > 
> > joey@kite:/tmp>echo "this is not a valid .joerc, I'll bet!" > .joerc
> > joey@kite:/tmp>joe foo
> > Processing '.joerc'...
> > .joerc 1: No context selected for macro to key-sequence binding
> > done
> > There were errors in '.joerc'.  Use it anyway?n
> > Processing '/etc/joe/joerc'...done
> 
> Funny how the first attempt of me reproducing this, with a valid command,
> caused this:
> 
> [joy@pork:/tmp]% echo '-help' > .joerc
> [joy@pork:/tmp]% joe foo
> Processing '.joerc'...done
> zsh: segmentation fault (core dumped)  joe foo
> 
> I wonder what's the best fix for this bug... check ownership of ./.joerc
> file before trying to read it? Not read it at all?

Don't read it at all, please.  I guess there's a command line option to
choose an rc file?  If so, I'd have no qualms about killing this
behavior.

-- 
Daniel Jacobowitz                           Debian GNU/Linux Developer
Monta Vista Software                              Debian Security Team

Reply to:

References:
- Re: Bug#88055: security hole in joe
  - From: Josip Rodin <jrodin@public.srce.hr>

Prev by Date: Re: Bug#88055: security hole in joe
Next by Date: Re: Bug#88055: security hole in joe
Previous by thread: Re: Bug#88055: security hole in joe
Next by thread: Re: Bug#88055: security hole in joe
Index(es):
- Date
- Thread