Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?

To: David Holland <dholland-bugs%netbsd.org@localhost>
Subject: Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
From: Aleksey Cheusov <cheusov%tut.by@localhost>
Date: Sun, 06 Apr 2008 11:18:05 +0300

> Since in general it's only used for printing error messages, it
> doesn't allow an attacker to do anything they can't do more easily
> with /bin/echo.

> If it's used for much of anything else, with the possible exception of
> a few programs that treat magic values of argv[0] as command-line
> options, it's probably a bug anyhow.

I agree.

Until new USE_FEATURE implementation appeares, wip/netbsd-uuencode
is patched. Not a big problem.

-- 
Best regards, Aleksey Cheusov.

References:
- Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
  - From: David Holland
- Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
  - From: Aleksey Cheusov
- Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
  - From: David Holland

Prev by Date: Re: install/25026 (core dump during NetBSD-2-0 install on macppc)
Next by Date: Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
Previous by Thread: Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
Next by Thread: Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?
Indexes:

Home | Main Index | Thread Index | Old Index