Hi,

Since one security issue has been fixed in joe very recently, I parsed its bug list a bit and noticed another fishy thing.

On 7 Aug 1999, which was 1 year and 112 days ago (incredible, isn't it), Andras Korn wrote:

> if you create a file named ^G (ctrl-g) and open it in joe, you will hear a
> beep as the status line is updated; you will also hear it upon exit, when
> joe prints the message about not updating the file because it was not
> changed.

I can reproduce it, joe ^V^G and it beeps when (in)appropriate.

> A malicious user could create a file whose name contains more harmful
> control characters and wait for another user to open that file in joe
> (perhaps inadvertently; e.g. by using the TAB completion of many shells, or
> from a graphical user interface).
>
> I admit this is a long shot, but still: filenames should be filtered and
> control characters removed before the name of the file is printed.

It seems these messages are made with stuff like

    sprintf(msgbuf,"File %.60s saved",s);

(BTW originally the %.60s was %s, Dale patched it)

How big a risk is this, can you security people advise me please?

> This potentially affects many other packages as well. grep is also
> vulnerable; I will post a separate report for that package, but currently
> I don't have the time to check any others.

If I run `grep -l foo' on a file called ^G, it will beep. FWIW.

-- 
Digital Electronic Being Intended for Assassination and Nullification
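The filtering asked for in the quoted report, sketched as an added example that is not part of the original message and is not joe's code. `sanitize_name` and `saved_message` are hypothetical names, and the helper treats the name as raw bytes with no locale handling (an assumption), so non-ASCII bytes are escaped as well.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from joe): copy `name` into `out`, rewriting
 * control bytes in caret notation (0x07 -> "^G", 0x7f -> "^?") and bytes
 * >= 0x80 as \xHH, so nothing in a file name reaches the terminal as a
 * raw control sequence. Always NUL-terminates; returns the length written. */
size_t sanitize_name(char *out, size_t outsz, const char *name)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outsz == 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        char tmp[4];
        size_t n;

        if (*p < 0x20 || *p == 0x7f) {          /* C0 controls and DEL */
            tmp[0] = '^';
            tmp[1] = (char)(*p ^ 0x40);
            n = 2;
        } else if (*p >= 0x80) {                /* C1 controls, raw 8-bit */
            tmp[0] = '\\'; tmp[1] = 'x';
            tmp[2] = hex[*p >> 4]; tmp[3] = hex[*p & 0x0f];
            n = 4;
        } else {                                /* printable ASCII */
            tmp[0] = (char)*p;
            n = 1;
        }
        if (o + n >= outsz)                     /* never split an escape */
            break;
        memcpy(out + o, tmp, n);
        o += n;
    }
    out[o] = '\0';
    return o;
}

/* Build the status line from the sanitized name instead of the raw one. */
int saved_message(char *msgbuf, size_t bufsz, const char *name)
{
    char safe[61];                              /* mirrors the %.60s limit */

    sanitize_name(safe, sizeof safe, name);
    return snprintf(msgbuf, bufsz, "File %s saved", safe);
}
```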

