Subject: lib/8935: pw_edit is naive in command line parsing
To: None <,>
From: Martin J. Laubach <>
List: netbsd-bugs
Date: 12/02/1999 06:51:58
>Number:         8935
>Category:       lib
>Synopsis:       pw_edit in libutil is too naive in command line parsing
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people (Library Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec  2 06:50:59 1999
>Originator:     Martin J. Laubach
>Release:        very current
System: NetBSD asparagus 1.4P NetBSD 1.4P (ASPARAGUS) #5: Tue Nov 30 03:04:20 CET 1999 mjl@asparagus:/home/temp/devel/cvs/src/sys/arch/i386/compile/ASPARAGUS i386


  Using an EDITOR environment variable, that contains slashes
in the command arguments will confuse pw_edit in libutil, and
thus also vipw et al.

  A cursory glance in libutil/password.c in pw_edit() shows
that pw_edit just searches for the last '/' and uses that
position to generate an argv.

  This must be an ancient bug, the problem is present in
linux (in different disguises, probably w/o the fix introduced
in revision 1.3) too.


  Working example (assumes /bin/sh):

	# EDITOR="echo =" vipw
	= /etc/ptmp
	vipw: no changes made
	vipw: /etc/master.passwd: unchanged

  Non-working example:

	# EDITOR="echo /" vipw
	vipw: echo /: No such file or directory
	vipw: /etc/master.passwd: unchanged