Bug#342782: marked as done (xterm -e ./cmd tries to find a wrong program cmd and crashes)
Your message dated Wed, 11 Jan 2006 11:34:43 +0100
with message-id <200601111134.43985.ender@debian.org>
and subject line Bug#342782: xterm -e ./cmd tries to find a wrong program cmd and crashes
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Dec 2005 12:10:51 +0000
>From vincent@vinc17.org Sat Dec 10 04:10:51 2005
Return-path: <vincent@vinc17.org>
Received: from vinc17.net4.nerim.net ([62.212.121.106] helo=ay.vinc17.org)
by spohr.debian.org with esmtp (Exim 4.50)
id 1El3Yw-0000MB-GC
for submit@bugs.debian.org; Sat, 10 Dec 2005 04:10:50 -0800
Received: from lefevre by ay.vinc17.org with local (Exim 4.54)
id 1El3Yu-0003Su-8x; Sat, 10 Dec 2005 13:10:48 +0100
Date: Sat, 10 Dec 2005 13:10:48 +0100
From: Vincent Lefevre <vincent@vinc17.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xterm -e ./cmd tries to find a wrong program cmd and crashes
Message-ID: <20051210121047.GA12948@ay.vinc17.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 3.18
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
X-Mailer-Info: http://www.vinc17.org/mutt/
User-Agent: Mutt/1.5.11-vl-20051204
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Package: xterm
Version: 6.8.2.dfsg.1-7
Severity: important
As shown by strace -f, "xterm -e ./cmd" tries to access cmd found in
$PATH (ignoring ".") instead of cmd found in the current directory.
If cmd isn't found, xterm just segfaults. In particular, this breaks
rox, which tries to compile in an xterm with a command of the form
"xterm -e ./relative_path_to/AppRun --compile".
If cmd is found, fortunately xterm doesn't seem to try to execute
this program (this would have been a security hole), but executes
the correct one.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (900, 'testing'), (900, 'stable'), (200, 'unstable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-20050829
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)
Versions of packages xterm depends on:
ii libc6 2.3.5-8 GNU C Library: Shared libraries an
ii libexpat1 1.95.8-3 XML parsing C library - runtime li
ii libfontconfig1 2.3.2-1 generic font configuration library
ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib
ii libice6 6.8.2.dfsg.1-7 Inter-Client Exchange library
ii libncurses5 5.5-1 Shared libraries for terminal hand
ii libsm6 6.8.2.dfsg.1-7 X Window System Session Management
ii libxaw8 6.8.2.dfsg.1-7 X Athena widget set library
ii libxext6 6.8.2.dfsg.1-7 X Window System miscellaneous exte
ii libxft2 2.1.7-1 FreeType-based font drawing librar
ii libxmu6 6.8.2.dfsg.1-7 X Window System miscellaneous util
ii libxp6 6.8.2.dfsg.1-7 X Window System printing extension
ii libxpm4 6.8.2.dfsg.1-7 X pixmap library
ii libxrender1 1:0.9.0-2 X Rendering Extension client libra
ii libxt6 6.8.2.dfsg.1-7 X Toolkit Intrinsics
ii xlibs 6.8.2.dfsg.1-7 X Window System client libraries m
ii xlibs-data 6.8.2.dfsg.1-7 X Window System client data
Versions of packages xterm recommends:
ii xutils 6.8.2.dfsg.1-7 X Window System utility programs
-- no debconf information
---------------------------------------
Received: (at 342782-done) by bugs.debian.org; 11 Jan 2006 10:34:47 +0000
>From ender@debian.org Wed Jan 11 02:34:47 2006
Return-path: <ender@debian.org>
Received: from kabuto.elmundo.es ([193.110.128.11] helo=mail.elmundo.es)
by spohr.debian.org with esmtp (Exim 4.50)
id 1EwdJX-0006Ac-6i
for 342782-done@bugs.debian.org; Wed, 11 Jan 2006 02:34:47 -0800
Received: from xanes.el-mundo.int (xanes.elmundo.int [10.5.222.50])
by mail.elmundo.es (Postfix) with ESMTP
id 81BC434F87; Wed, 11 Jan 2006 11:34:47 +0100 (CET)
Received: by xanes.el-mundo.int (Postfix, from userid 65500)
id C3AAA17315; Wed, 11 Jan 2006 11:34:45 +0100 (CET)
Received: from ip6-localhost (localhost [127.0.0.1])
by xanes.el-mundo.int (Postfix) with ESMTP
id 4B0BD17313; Wed, 11 Jan 2006 11:34:45 +0100 (CET)
From: David =?iso-8859-1?q?Mart=EDnez_Moreno?= <ender@debian.org>
Organization: Debian
To: Vincent Lefevre <vincent@vinc17.org>, 342782-done@bugs.debian.org
Subject: Re: Bug#342782: xterm -e ./cmd tries to find a wrong program cmd and crashes
Date: Wed, 11 Jan 2006 11:34:43 +0100
User-Agent: KMail/1.8.3
References: <20051210121047.GA12948@ay.vinc17.org>
In-Reply-To: <20051210121047.GA12948@ay.vinc17.org>
MIME-Version: 1.0
Content-Type: multipart/signed;
boundary="nextPart12923712.YzOU6udZRb";
protocol="application/pgp-signature";
micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200601111134.43985.ender@debian.org>
X-Bogosity: No, tests=bogofilter, spamicity=0.451764, version=0.10.3
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
--nextPart12923712.YzOU6udZRb
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Version: 208-1
El s=E1bado, 10 de diciembre de 2005 13:10, Vincent Lefevre escribi=F3:
[...]
> As shown by strace -f, "xterm -e ./cmd" tries to access cmd found in
> $PATH (ignoring ".") instead of cmd found in the current directory.
>
> If cmd isn't found, xterm just segfaults. In particular, this breaks
> rox, which tries to compile in an xterm with a command of the form
> "xterm -e ./relative_path_to/AppRun --compile".
>
> If cmd is found, fortunately xterm doesn't seem to try to execute
> this program (this would have been a security hole), but executes
> the correct one.
This bug is fixed in xterm version 208-1 and later, now in unstable.
Best regards,
Ender.
=2D-=20
We accidentally replaced your heart with a baked potato. You have
about three seconds to live.
-- Dr. Doctor to Kenny (South Park).
=2D-
Desarrollador de Debian
Debian developer
--nextPart12923712.YzOU6udZRb
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQBDxN9DWs/EhA1iABsRAqA9AJ48yuzfKZSujNsnkg4g16ZBDaBDWgCeOBvz
5QAMozV3RY1LeEncSyP+N0Y=
=Nyfr
-----END PGP SIGNATURE-----
--nextPart12923712.YzOU6udZRb--
Reply to: