Paul Eggert <[EMAIL PROTECTED]> wrote:
> Thanks for catching all these problems.
>
> Eric Blake <[EMAIL PROTECTED]> writes:
>
>> Oops - we aren't properly quoting ' in dircolors' output. This should be
>> as simple as outputting '\'' in place of ' in append_quoted().
>
> That's a serious bug, no? It lets an attacker execute arbitrary code.
> Admittedly the attack is unlikely, but we should install something
> like the following fix right away. Jim, I assume we're still in a
> code-freeze now, so I won't install this, but it does look like a
> fairly safe fix....

Thanks to both of you.
That does look like a safe fix.
Would you please commit it, along with a test case?

I expect to make only `safe' bug fixes this week, then
I'll release coreutils-5.92 and call it `stable'.
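
The quoting rule discussed in this thread (emit '\'' in place of each '), shown as an added shell example that is not part of the original messages or of the coreutils fix. The function names `sq_quote`, `naive_quote` and `roundtrips` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not coreutils code): why text destined for `eval` must
# replace every embedded ' with '\'' before being wrapped in single quotes.

# Naive form: wraps the value in '...' without touching embedded quotes.
naive_quote() {
    printf "'%s'" "$1"
}

# Hardened form: close the quote, emit an escaped ', reopen the quote.
sq_quote() {
    s=$1
    out=
    while :; do
        case $s in
            *\'*)
                head=${s%%\'*}        # text before the first '
                s=${s#*\'}            # text after the first '
                out="$out$head'\\''"  # appends the four characters '\''
                ;;
            *)
                out="$out$s"
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
}

# roundtrips QUOTER VALUE
# Succeeds only if evaluating "v=<quoted>" yields exactly VALUE again.
# Runs in a subshell so a parse error cannot affect the caller.
roundtrips() {
    quoted=$("$1" "$2")
    ( eval "v=$quoted" 2>/dev/null && [ "$v" = "$2" ] )
}

# Constructed sample values, labelled as such.
for val in "plain" "it's" "a'b'c"; do
    for quoter in naive_quote sq_quote; do
        if roundtrips "$quoter" "$val"; then r=ok; else r=BROKEN; fi
        printf '%-12s %-8s %s\n' "$quoter" "$val" "$r"
    done
done
```

A regression test for a fix like the one requested above can use the same round-trip check: quote a value containing `'`, evaluate it, and compare against the original.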
