Re: Bug#88055: security hole in joe

To: debian-security@lists.debian.org
Subject: Re: Bug#88055: security hole in joe
From: Ethan Benson <erbenson@alaska.net>
Date: Wed, 28 Feb 2001 17:40:37 -0900
Message-id: <20010228174037.M6270@plato.local.lan>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20010301031314.A6825@jagor.srce.hr>; from jrodin@public.srce.hr on Thu, Mar 01, 2001 at 03:13:14AM +0100
References: <20010228152039.C5432@kitenet.net> <20010301031314.A6825@jagor.srce.hr>

On Thu, Mar 01, 2001 at 03:13:14AM +0100, Josip Rodin wrote:
> [joy@pork:/tmp]% echo '-help' > .joerc
> [joy@pork:/tmp]% joe foo
> Processing '.joerc'...done
> zsh: segmentation fault (core dumped)  joe foo

heh

> I wonder what's the best fix for this bug... check ownership of ./.joerc
> file before trying to read it? Not read it at all?

OpenBSD fixed this in thier joe some time ago by not reading ./.joerc
at all.  they read ~/.joerc, /etc/joe/joerc and
/usr/local/lib/joe/joerc.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpYPaYejz5Nv.pgp
Description: PGP signature

Reply to:

References:
- Re: Bug#88055: security hole in joe
  - From: Josip Rodin <jrodin@public.srce.hr>

Prev by Date: Re: Bug#88055: security hole in joe
Previous by thread: Re: Bug#88055: security hole in joe
Index(es):
- Date
- Thread