|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: xpdf vulnerability - CAN-2003-0434
From: stanislav shalunov (shalunov
internet2.edu)
Date: Wed Jul 09 2003 - 14:46:18 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andries.Brouwercwi.nl writes:
> A urlCommand like the default "netscape -remote 'openURL(%s)'"
> is OK since the %s is protected by single quotes.
How so? Consider an argument of
'`rm -rf /tmp/test`'
This expands to
netscape -remote 'openURL('`rm -rf /tmp/test`')'
where the single quotes have no effect.
A proper fix would be not to invoke shell at all, but simply fork and
exec.
--
Stanislav Shalunov http://www.internet2.edu/~shalunov/
"The power of accurate observation is commonly called cynicism by
those who have not got it." -- G. B. Shaw
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]