security fix for 'm4 -F'

m4-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

security fix for 'm4 -F'

From:	Eric Blake
Subject:	security fix for 'm4 -F'
Date:	Thu, 22 Nov 2007 07:39:00 -0700
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071031 Thunderbird/2.0.0.9 Mnenhy/0.7.5.666

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$ m4 -F /nosuch/%x </dev/null
m4: /nosuch/0: No such file or directory

If that doesn't scare you, consider a file name that contains %n.  This
security hole has been present since M4 1.3.

- --
Don't work too hard, make some time for fun as well!

Eric Blake             address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHRZSD84KuGfSFAYARAtbhAJ9RkobPIl+RJdEtyqzpwKEH4nRsKwCfYtPq
5cmlMyNjTD74r1SLOj2K70Q=
=7vgH
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

security fix for 'm4 -F', Eric Blake <=
- Re: security fix for 'm4 -F', Eric Blake, 2007/11/22
- Re: security fix for 'm4 -F', Eric Blake, 2007/11/22

Prev by Date: prelim patches before argv_ref
Next by Date: Re: security fix for 'm4 -F'
Previous by thread: prelim patches before argv_ref
Next by thread: Re: security fix for 'm4 -F'
Index(es):
- Date
- Thread