bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#66390: `man' allows to inject arbitrary shell code

From: Eli Zaretskii
Subject: bug#66390: `man' allows to inject arbitrary shell code
Date: Sat, 21 Oct 2023 10:45:06 +0300 
> From: Andreas Schwab <schwab@linux-m68k.org>
> Cc: Stefan Kangas <stefankangas@gmail.com>,  lx@shellcodes.org,
>   manikulin@gmail.com,  66390@debbugs.gnu.org,  michael.albinus@gmx.de
> Date: Sat, 21 Oct 2023 09:35:38 +0200
> 
> On Okt 21 2023, Eli Zaretskii wrote:
> 
> > found in file names).  In particular, who can guarantee that ';' will
> > not be part of some man page some day? it's a valid file-name
> > character on Posix hosts, isn't it?
> 
> It's not part of the Portable Filename Character Set.

That's true, but neither are ':' or '[', and AFAIK we already have
man-page file names which use those two.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]