Bug#198312: long file name cause Segmentation fault [SECURITY]
severity 198312 important
retitle 198312 long file name cause TeX to segfault
thanks
On 24.06.03 Anthraxz __ (bouloumag@hotmail.com) wrote:
> On 23 Jun 2003 Hilmar Preusse <hille42@web.de> wrote:
Hi,
> >I can't touch a file with a filename of that length.
> >
> >drachi:[hille] >touch `perl -e 'print "ffffffffffffffff"x16'`.tex
> >touch: creating `<big snip>.tex': File name too long
> >
> >In the moment I don't understand why do you want to call latex on a
> >file, which can't exist. Maybe I missed your point...
>
> My point is that when a program is executed with unsusal data (this
> is the case here), it should NEVER crash with a segmentation fault.
>
OK, so far. Bug! But the severity grave says:
grave
makes the package in question unusable or mostly so, or causes
data loss, or introduces a security hole allowing access to the
accounts of users who use the package.
which is definitely not the case. I lower down the severity to
important and will send your bug to upstream ASAP.
> If a program segfault when called with a very long file name, this
> may be a potential security risk for the system.
>
If a server crashes due to an DoS-attack that might justify the tag
security, but if the TeX-compiler segfaults I don't see the
relationship to security.
I've retitled that bug to take out that [SECURITY].
H.
--
sigmentation fault
Reply to: