Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,cheusov%tut.by@localhost
Subject: Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
From: Aleksey Cheusov <cheusov%tut.by@localhost>
Date: Sun, 6 Apr 2008 08:20:02 +0000 (UTC)

The following reply was made to PR bin/38327; it has been noted by GNATS.

From: Aleksey Cheusov <cheusov%tut.by@localhost>
To: David Holland <dholland-bugs%netbsd.org@localhost>
Cc: gnats-bugs%NetBSD.org@localhost,  gnats-admin%netbsd.org@localhost,  
netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/38327: uu{en,de}code - any reason to use non-portable 
[sg]etprogname?
Date: Sun, 06 Apr 2008 11:18:05 +0300

 > Since in general it's only used for printing error messages, it
 > doesn't allow an attacker to do anything they can't do more easily
 > with /bin/echo.

 > If it's used for much of anything else, with the possible exception of
 > a few programs that treat magic values of argv[0] as command-line
 > options, it's probably a bug anyhow.

 I agree.

 Until new USE_FEATURE implementation appeares, wip/netbsd-uuencode
 is patched. Not a big problem.

 -- 
 Best regards, Aleksey Cheusov.

Prev by Date: Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
Next by Date: Re: kern/38109: Shared memory code can't handle > 4GB of memory
Previous by Thread: Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
Next by Thread: Re: kern/24210 (Panic whilst removing a directory ("ifree: freeing free inode"))
Indexes:

Home | Main Index | Thread Index | Old Index