Subject: Re: port-i386/4580: sysinst i386 - no shell metachars in FTP password allowed
To: None <netbsd-bugs@NetBSD.ORG>
From: Christos Zoulas <>
List: netbsd-bugs
Date: 11/26/1997 12:38:08
In article <> writes:
>>Number:         4580
>>Category:       port-i386
>>Synopsis:       sysinst i386 - no shell metachars in FTP password allowed
>>Confidential:   no
>>Severity:       serious
>>Priority:       high
>>Responsible:    gnats-admin (GNATS administrator)
>>State:          open
>>Class:          sw-bug
>>Submitter-Id:   net
>>Arrival-Date:   Wed Nov 26 03:35:02 1997
>>Originator:     Hubert Feyrer
>Hubert Feyrer <>
>>Release:        1.3_ALPHA (971122 floppy from
>System: NetBSD smaug 1.2 NetBSD 1.2 (SMAUG) #0: Sun Oct 27 00:52:22 MET DST 1996 feyrer@smaug:/disk1/usr_src/sys/arch/sparc/compile/SMAUG sparc
>	sysinst (prolly not only on i386) loses on FTP installs, if
>	it's not an anon-ftp that you do, and you have some shell-meta
>	chars in your password.
>	Set your password to something like <">, and notice sysinst
>	returning immediately after choosing to start transfer.
>.../sysinst/net.c, line 277:
>                        ret = run_prog("/usr/bin/ftp ftp://%s:%s@%s/%s/%s",
>                                       ftp_user, ftp_pass, ftp_host, ftp_dir,
>                                       filename);
>Should be obvious what's going on here - enclosing the URL in
>single quote should fix the problem. Also in the ftp-call a
>few lines above.

This is not correct; consider if your passwd contains a single quote.

A more correct solution should:
	- escape all shell metacharacters by prepending a backslash to them.
	- probably the ftp url parser should be modified to accept escaped
	  characters too. (Consider what happens if your passwd has a : or /)