Re: security fix for 'm4 -F'

m4-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security fix for 'm4 -F'

From:	Eric Blake
Subject:	Re: security fix for 'm4 -F'
Date:	Thu, 22 Nov 2007 07:52:05 -0700
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071031 Thunderbird/2.0.0.9 Mnenhy/0.7.5.666

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Eric Blake on 11/22/2007 7:39 AM:
> $ m4 -F /nosuch/%x </dev/null
> m4: /nosuch/0: No such file or directory
> 
> If that doesn't scare you, consider a file name that contains %n.  This
> security hole has been present since M4 1.3.

Fortunately, it was fixed on the master branch in Aug 2006 (commit c38df).

- --
Don't work too hard, make some time for fun as well!

Eric Blake             address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHRZeV84KuGfSFAYARAue8AJ9B7wS1BpNwUc+hjbYVIyZF0BucYQCgiGHS
ptujXpFAdz673jyByUMiOjo=
=dHYT
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

security fix for 'm4 -F', Eric Blake, 2007/11/22
- Re: security fix for 'm4 -F', Eric Blake <=
- Re: security fix for 'm4 -F', Eric Blake, 2007/11/22

Prev by Date: security fix for 'm4 -F'
Next by Date: Re: security fix for 'm4 -F'
Previous by thread: security fix for 'm4 -F'
Next by thread: Re: security fix for 'm4 -F'
Index(es):
- Date
- Thread