bin/86405: /usr/bin/more segmentation fault
Nate Eldredge
nge at cs.hmc.edu
Thu Oct 13 16:30:19 PDT 2005
The following reply was made to PR bin/86405; it has been noted by GNATS.
From: Nate Eldredge <nge at cs.hmc.edu>
To: bug-followup at FreeBSD.org, db at trunet.dk
Cc:
Subject: Re: bin/86405: /usr/bin/more segmentation fault
Date: Thu, 13 Oct 2005 16:24:39 -0700 (PDT)
I think this might be a case of "don't do that". -k tells more/less to
read its keybindings from the specified file. This is in a special format
generated by the lesskey program. A comment at decode.c:666 admits that
minimal error checking is done and a bad file will "produce strange
results". Given that this is a problem that can only arise through
intentional misuse, I don't think anyone is going to be that interested in
fixing it. If you want to do so, I would suggest you deal with the
upstream people.
It shouldn't be a security problem since if you can run less, you can
already execute arbitrary commands (try the ! command inside less). less
does have a "secure" mode in which these things are disabled, and in that
case the -k option is disabled as well.
All IMHO.
--
Nate Eldredge
nge at cs.hmc.edu
More information about the freebsd-bugs
mailing list