NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/38327: uu{en,de}code - any reason to use non-portable [sg]etprogname?



The following reply was made to PR bin/38327; it has been noted by GNATS.

From: Aleksey Cheusov <cheusov%tut.by@localhost>
To: David Holland <dholland-bugs%netbsd.org@localhost>
Cc: gnats-bugs%NetBSD.org@localhost,  gnats-admin%netbsd.org@localhost,  
netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/38327: uu{en,de}code - any reason to use non-portable 
[sg]etprogname?
Date: Sun, 06 Apr 2008 11:18:05 +0300

 > Since in general it's only used for printing error messages, it
 > doesn't allow an attacker to do anything they can't do more easily
 > with /bin/echo.
 
 > If it's used for much of anything else, with the possible exception of
 > a few programs that treat magic values of argv[0] as command-line
 > options, it's probably a bug anyhow.
 
 I agree.
 
 Until new USE_FEATURE implementation appeares, wip/netbsd-uuencode
 is patched. Not a big problem.
 
 -- 
 Best regards, Aleksey Cheusov.
 


Home | Main Index | Thread Index | Old Index