List: debian-devel
Subject: Re: setuid/setgid binaries contained in the Debian repository.
From: Matt Zimmerman <mdz () debian ! org>
Date: 2003-08-11 17:59:29
On Mon, Aug 11, 2003 at 06:53:19PM +0200, Bernd Eckenfels wrote:
> On Mon, Aug 11, 2003 at 06:13:10PM +0200, Emile van Bergen wrote:
> > /* securely obtain /usr/lib/games/`basename $0` */
> >
> > if (!argv[0]) return 2;
> > me = strrchr(argv[0], '/');
> > if (me) me++; else me = argv[0];
> > melen = strlen(me);
> > if (melen < 1 || melen > sizeof(realgame) - 16) return 3;
>
> you need to check for ..
".." is perfectly safe as long as it isn't followed by a "/", which is
ensured by the code above.
--
- mdz
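As an added example (not code from the thread or from any Debian package), the quoted basename logic carried through to building the full path, so the property Matt relies on can be checked directly: after `strrchr` the name contains no `/`, so it can only ever be one component below the games directory. The function name `build_game_path` and the `GAMEDIR` prefix are assumptions; the explicit rejection of `.` and `..` is extra hardening that the quoted snippet does not have.

```c
#include <stdio.h>
#include <string.h>

/* Prefix used by the wrapper. sizeof(GAMEDIR) is 16 (15 chars plus NUL),
 * which is exactly the "- 16" reserve in the quoted check. */
#define GAMEDIR "/usr/lib/games/"

/* Fill out[] with GAMEDIR + basename(argv0).
 * Returns 0 on success,
 *         2 if argv0 is NULL (same code as the quoted snippet),
 *         3 if the basename is empty or would not fit (same as the snippet),
 *         4 if the basename is "." or ".." (added hardening: neither can
 *           be a game, and rejecting them keeps the path below GAMEDIR). */
int build_game_path(const char *argv0, char *out, size_t outlen)
{
    const char *me;
    size_t melen;

    if (!argv0) return 2;
    me = strrchr(argv0, '/');        /* text after the last '/' ...        */
    if (me) me++; else me = argv0;   /* ... or the whole string if none    */
    melen = strlen(me);

    /* need room for the prefix, the name and the terminating NUL */
    if (outlen < sizeof(GAMEDIR) || melen < 1 ||
        melen > outlen - sizeof(GAMEDIR))
        return 3;
    if (strcmp(me, ".") == 0 || strcmp(me, "..") == 0) return 4;

    /* 'me' cannot contain '/', so the result is GAMEDIR plus exactly one
     * path component; a ".." inside the name is just part of a filename. */
    memcpy(out, GAMEDIR, sizeof(GAMEDIR) - 1);
    memcpy(out + sizeof(GAMEDIR) - 1, me, melen + 1);
    return 0;
}

int main(int argc, char **argv)
{
    char path[256];
    int rc = build_game_path(argc > 0 ? argv[0] : NULL, path, sizeof path);
    if (rc != 0) {
        fprintf(stderr, "rejected argv[0], code %d\n", rc);
        return rc;
    }
    printf("would run: %s\n", path);
    return 0;
}
```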