cvs commit: src/usr.bin/ctags ctags.c
Crist J. Clark
cjc at FreeBSD.org
Fri May 7 12:44:41 PDT 2004
cjc 2004/05/07 12:44:40 PDT
FreeBSD src repository
Modified files:
usr.bin/ctags ctags.c
Log:
It was pointed out[0] that ctags(1) uses some potentially dangerous
system(3) calls where user-supplied data is used with no sanity
checking. Since ctags(1) is not setuid and is not likely to be used
in a privileged situation, this is not a big deal. However, the
fix is relatively easy and less ugly than the current code, let's be
safe. (I'm sure there are about 2^134 other system(3) calls like this
out there.)
[0] On freebsd-security by Roman Bogorodskiy <bogorodskiy at inbox.ru>
with subject "ctags(1) command execution vulnerability."
MFC after: 3 days
Revision Changes Path
1.19 +45 -16 src/usr.bin/ctags/ctags.c
More information about the cvs-all
mailing list