https://bugzilla.novell.com/show_bug.cgi?id=660001
https://bugzilla.novell.com/show_bug.cgi?id=660001#c1
Bernhard Wiedemann changed:
What       |Removed                                  |Added
----------------------------------------------------------------------------
Priority   |P5 - None                                |P3 - Medium
AssignedTo |zypp-maintainers@forge.provo.novell.com  |jkupec@novell.com
--- Comment #1 from Bernhard Wiedemann 2010-12-18 11:38:36 CET ---
the show_in_pager function might be a nice place to check for
non-interactiveness
Note: src/utils/pager.cc:57 is
cmdline << "'" << pager << "' '" << file << "'";
which means that neither filename nor pager are allowed to contain
apostrophes... and in certain circumstances such constructs can lead to security
vulnerabilities (e.g. someone injecting an '`rm -rf /*`')
One better way is to not use apostrophes, but explicitly prefix all non-safe
chars (e.g. [^a-zA-Z0-9.,/_-]) with a backslash to escape the special meaning
of some characters.
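The backslash-escaping approach suggested in the comment above, as an added example that is not part of the bug report or of zypper's code. `shell_escape` and `pager_cmdline` are hypothetical names, the file names are constructed, and the sketch goes slightly beyond the comment by handling the empty string and newline, which plain backslash-prefixing gets wrong.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper (not zypper code): quote one argument for /bin/sh by
// backslash-prefixing every byte outside the safe set named in the comment,
// [a-zA-Z0-9.,/_-]. The result must be used unquoted on the command line.
std::string shell_escape(const std::string &arg)
{
    // An empty argument must still occupy a word on the command line.
    if (arg.empty())
        return "''";

    static const std::string safe_punct = ".,/_-";
    std::string out;
    out.reserve(arg.size() * 2);
    for (unsigned char c : arg) {
        bool safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9') ||
                    safe_punct.find(static_cast<char>(c)) != std::string::npos;
        if (safe) {
            out += static_cast<char>(c);
        } else if (c == '\n') {
            // Backslash-newline is a line continuation that the shell drops,
            // so a newline is the one byte that has to be single-quoted.
            out += "'\n'";
        } else {
            out += '\\';
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Build the pager command line from escaped words only.
std::string pager_cmdline(const std::string &pager, const std::string &file)
{
    return shell_escape(pager) + " " + shell_escape(file);
}

int main()
{
    // Constructed sample inputs, including the apostrophe/backtick case.
    const std::string files[] = {
        "/tmp/zypper-notes.txt", "/tmp/it's here.txt",
        "/tmp/x'`touch INJECTED`'", "/tmp/two\nlines", ""};
    for (const std::string &f : files)
        std::cout << pager_cmdline("/usr/bin/less", f) << "\n";
    return 0;
}
```

Escaping only protects the shell's parsing of the line; a file name that begins with `-` is still read by the pager as an option.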