[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: proposed fix for CVE-2018-19518 in uw-imap

Hi Tomas,

On Fri, Dec 28, 2018 at 12:53:00PM +0000, Tomas Bortoli wrote:
> By shell escaping I meant to escape all the special shell characters
> within the input. That'd probably need additional dependencies or a neat
> sanitizer function.
> But I was wrong, it's unnecessary as there's no shell interpreter there
> but it's just using `execv` to get rsh/ssh running.
> I agree that preventing the injection of spaces will prevent the
> injection of additional parameters and therefore the execution of
> unexpected commands.
Thanks for the feedback and confirmation.



Roberto C. Sánchez

Reply to: