Tibor Pittich <[EMAIL PROTECTED]> writes:
> > man 1.5l was released today, fixing a bug which results in
> > arbitrary code execution upon reading a specially formatted man
> > file. The basic problem is, upon finding a string with a quoting
> > problem, the function my_xsprintf in util.c will return "unsafe"
> > (rather than returning a string which could be interpreted by the
> > shell). This return value is passed directly to system(3) -
> > meaning if there is any program named `unsafe`, it will execute
> > with the privs of the user.

man is only s-gid, thus such a program would have access to quite a few files.
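
The pattern described in the quoted advisory, as an added example that is not part of the original thread and is not man's source: a simplified model in which a formatter signals failure with the in-band string "unsafe", beside a form that signals it with NULL. The names `is_safe_arg`, `join`, `format_cmd_sentinel`, `format_cmd_checked` and `would_run`, the allow-list, and the file name `it's.1` are all assumptions made for illustration; nothing is executed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed allow-list of characters that need no shell quoting. */
static int is_safe_arg(const char *s) {
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-./+,:@";
    return *s != '\0' && s[strspn(s, ok)] == '\0';
}

/* Heap-allocated "a b"; the caller frees it. */
static char *join(const char *a, const char *b) {
    size_t n = strlen(a) + strlen(b) + 2;
    char *cmd = malloc(n);
    if (cmd) snprintf(cmd, n, "%s %s", a, b);
    return cmd;
}

/* Models the described behaviour: on a quoting problem the result is the
 * string "unsafe", which a caller cannot tell apart from a real command. */
static char *format_cmd_sentinel(const char *prog, const char *arg) {
    if (!is_safe_arg(arg)) {
        char *s = malloc(sizeof "unsafe");
        if (s) memcpy(s, "unsafe", sizeof "unsafe");
        return s;
    }
    return join(prog, arg);
}

/* Failure is reported out of band: NULL can never be run as a command. */
static char *format_cmd_checked(const char *prog, const char *arg) {
    return is_safe_arg(arg) ? join(prog, arg) : NULL;
}

/* Stand-in for system(3): reports what the shell would be given. */
static const char *would_run(const char *cmd) {
    return cmd ? cmd : "(refused)";
}

int main(void) {
    const char *bad = "it's.1"; /* constructed name with a quoting problem */
    char *a = format_cmd_sentinel("cat", bad);
    char *b = format_cmd_checked("cat", bad);
    printf("sentinel: shell gets \"%s\"\n", would_run(a));
    printf("checked:  shell gets \"%s\"\n", would_run(b));
    free(a);
    free(b);
    return 0;
}
```

In the sentinel form the shell is handed the single word `unsafe` and resolves it like any other command name, which is the behaviour the advisory describes; in the checked form the caller has nothing it could pass to system(3).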
