[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#88055: security hole in joe



On Thu, Mar 01, 2001 at 03:13:14AM +0100, Josip Rodin wrote:
> [joy@pork:/tmp]% echo '-help' > .joerc
> [joy@pork:/tmp]% joe foo
> Processing '.joerc'...done
> zsh: segmentation fault (core dumped)  joe foo

heh

> I wonder what's the best fix for this bug... check ownership of ./.joerc
> file before trying to read it? Not read it at all?

OpenBSD fixed this in thier joe some time ago by not reading ./.joerc
at all.  they read ~/.joerc, /etc/joe/joerc and
/usr/local/lib/joe/joerc.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp9ixhUQkQqH.pgp
Description: PGP signature


Reply to: