[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#88055: security hole in joe

On Wed, Feb 28, 2001 at 03:20:39PM -0800, Joey Hess wrote:
> Package: joe
> Version: 2.8-18
> Severity: grave
> joey@kite:/tmp>echo "this is not a valid .joerc, I'll bet!" > .joerc
> joey@kite:/tmp>joe foo
> Processing '.joerc'...
> .joerc 1: No context selected for macro to key-sequence binding
> done
> There were errors in '.joerc'.  Use it anyway?n
> Processing '/etc/joe/joerc'...done

Funny how the first attempt of me reproducing this, with a valid command,
caused this:

[joy@pork:/tmp]% echo '-help' > .joerc
[joy@pork:/tmp]% joe foo
Processing '.joerc'...done
zsh: segmentation fault (core dumped)  joe foo

I wonder what's the best fix for this bug... check ownership of ./.joerc
file before trying to read it? Not read it at all?

(I'm not currently subscribed to BUGTRAQ)

Digital Electronic Being Intended for Assassination and Nullification

Reply to: