[Bug 214627] New: /usr/sbin/pptp-command doesn't launder variables correctly (perl taint mode)
https://bugzilla.novell.com/show_bug.cgi?id=214627 Summary: /usr/sbin/pptp-command doesn't launder variables correctly (perl taint mode) Product: SUSE Linux 10.1 Version: Final Platform: x86 OS/Version: SuSE Linux 10.1 Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: td@pre-secure.de QAContact: qa@suse.de After updating from SUSE 9.3 PPTP doesn't work anymore: # /usr/sbin/pptp-command start Using interface ppp0 Connect: ppp0 <--> /dev/pts/6 MPPE 128-bit stateless compression enabled local IP address x.x.x.x remote IP address x.x.x.x Script ?? finished (pid 13003), status = 0x0 Script /etc/ppp/ip-up finished (pid 13021), status = 0x0 Insecure dependency in system while running with -T switch at /usr/sbin/pptp-command line 797. The attached patch fixes the problem for me. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=214627 ------- Comment #1 from td@pre-secure.de 2006-10-24 07:56 MST ------- Created an attachment (id=102439) --> (https://bugzilla.novell.com/attachment.cgi?id=102439&action=view) launder route variable in pptp-command (perl taint mode) Quickly glancing through the code $r should have been laundered already. I guess the perl taint-mode behaviour underwent a subtle change when updating from SUSE 9.3. to SUSE 10.1. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=214627 mhorvath@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |hvogel@novell.com |screening@forge.provo.novell| |.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=214627 mhorvath@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=214627 mhorvath@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Normal |Enhancement Status|ASSIGNED |NEEDINFO Info Provider| |td@pre-secure.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=214627 ------- Comment #2 from td@pre-secure.de 2006-10-25 09:13 MST ------- I'm not really sure, what more information you need. If you give me a hint, I'll try. ;-) The PPTP setup worked in SUSE 9.3. It didn't work anymore in SUSE 10.1, e.g. the script /usr/sbin/pptp-command gave the above error message. After having laundered the variable $r (please see attached patch), it works again.(In reply to comment #0) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=214627 hvogel@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|td@pre-secure.de | Resolution| |FIXED ------- Comment #3 from hvogel@novell.com 2006-11-02 07:11 MST ------- fixed for 10.2 beta2 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com