bug-gv

[bug-gv] [bugs #11561] Bug when printing files with spaces in their file


From: anonymous
Subject: [bug-gv] [bugs #11561] Bug when printing files with spaces in their filenames
Date: Wed, 2 Mar 2005 21:01:14 +0000
User-agent: Mozilla/5.0 (X11; U; NetBSD i386; en-US; rv:1.7.5) Gecko/20050228 Firefox/1.0

Follow-up Comment #1, bugs #11561 (project gv):

Note: Why is the system() call still used?  It's a security leak in almost
all cases.  Using a function of the exec() family is a much better idea,
since you are guaranteed that no `free-form' strings are passed to the
shell.

Example:
$ cp blah.gz foo\;ls\;
$ gv foo\;ls\;
<click `print', select lpr and ok>
lpr: cannot access foo
<current working directory's contents>

Of course, this is an accident waiting to happen; suppose someone opens a
file from the web by use of a browser plugin that downloads the file and
starts gv.  That person is vulnerable to an attack without knowing it.

    _______________________________________________________

This item URL is:

  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=11561>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
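
The exec()-family approach suggested in the comment above, as an added example that is not part of the original message or of gv's code: the print command is started with fork() and execvp(), so the filename reaches it as a single argument and never passes through a shell. The names run_argv and print_file are hypothetical, and the printer command is assumed to take the file as its only argument.

```c
/* Added example: spawn the print command without a shell. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with the given argument vector. No shell is involved, so
 * ';', '|', '$' or spaces inside an argument are not interpreted.
 * Returns the child's exit status, 127 if exec failed, -1 on fork/wait error. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* only reached if exec failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical helper: hand `path` to `printer` (e.g. "lpr") as one argument.
 * Unlike system("lpr " path), the name is never parsed as shell syntax. */
int print_file(const char *printer, const char *path)
{
    char *const argv[] = { (char *)printer, (char *)path, NULL };
    return run_argv(argv);
}

int main(void)
{
    /* Filename from the report. test(1) compares the argument with itself,
     * which only succeeds if it arrived verbatim as one argv element. */
    char *const argv[] = { "test", "foo;ls;", "=", "foo;ls;", NULL };
    printf("verbatim argument: %s\n", run_argv(argv) == 0 ? "yes" : "no");
    return 0;
}
```

A filename that begins with `-` can still be read as an option by the program being run, so that case needs separate handling.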




