Bug#342782: marked as done (xterm -e ./cmd tries to find a wrong program cmd and crashes)

Debian Bug Tracking System Wed, 11 Jan 2006 02:51:48 -0800

Your message dated Wed, 11 Jan 2006 11:34:43 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#342782: xterm -e ./cmd tries to find a wrong program cmd 
and crashes
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Dec 2005 12:10:51 +0000
>From [EMAIL PROTECTED] Sat Dec 10 04:10:51 2005
Return-path: <[EMAIL PROTECTED]>
Received: from vinc17.net4.nerim.net ([62.212.121.106] helo=ay.vinc17.org)
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1El3Yw-0000MB-GC
        for [EMAIL PROTECTED]; Sat, 10 Dec 2005 04:10:50 -0800
Received: from lefevre by ay.vinc17.org with local (Exim 4.54)
        id 1El3Yu-0003Su-8x; Sat, 10 Dec 2005 13:10:48 +0100
Date: Sat, 10 Dec 2005 13:10:48 +0100
From: Vincent Lefevre <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: xterm -e ./cmd tries to find a wrong program cmd and crashes
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 3.18
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
X-Mailer-Info: http://www.vinc17.org/mutt/
User-Agent: Mutt/1.5.11-vl-20051204
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02

Package: xterm
Version: 6.8.2.dfsg.1-7
Severity: important

As shown by strace -f, "xterm -e ./cmd" tries to access cmd found in
$PATH (ignoring ".") instead of cmd found in the current directory.

If cmd isn't found, xterm just segfaults. In particular, this breaks
rox, which tries to compile in an xterm with a command of the form
"xterm -e ./relative_path_to/AppRun --compile".

If cmd is found, fortunately xterm doesn't seem to try to execute
this program (this would have been a security hole), but executes
the correct one.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (900, 'testing'), (900, 'stable'), (200, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-20050829
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)

Versions of packages xterm depends on:
ii  libc6                     2.3.5-8        GNU C Library: Shared libraries an
ii  libexpat1                 1.95.8-3       XML parsing C library - runtime li
ii  libfontconfig1            2.3.2-1        generic font configuration library
ii  libfreetype6              2.1.7-2.4      FreeType 2 font engine, shared lib
ii  libice6                   6.8.2.dfsg.1-7 Inter-Client Exchange library
ii  libncurses5               5.5-1          Shared libraries for terminal hand
ii  libsm6                    6.8.2.dfsg.1-7 X Window System Session Management
ii  libxaw8                   6.8.2.dfsg.1-7 X Athena widget set library
ii  libxext6                  6.8.2.dfsg.1-7 X Window System miscellaneous exte
ii  libxft2                   2.1.7-1        FreeType-based font drawing librar
ii  libxmu6                   6.8.2.dfsg.1-7 X Window System miscellaneous util
ii  libxp6                    6.8.2.dfsg.1-7 X Window System printing extension
ii  libxpm4                   6.8.2.dfsg.1-7 X pixmap library
ii  libxrender1               1:0.9.0-2      X Rendering Extension client libra
ii  libxt6                    6.8.2.dfsg.1-7 X Toolkit Intrinsics
ii  xlibs                     6.8.2.dfsg.1-7 X Window System client libraries m
ii  xlibs-data                6.8.2.dfsg.1-7 X Window System client data

Versions of packages xterm recommends:
ii  xutils                    6.8.2.dfsg.1-7 X Window System utility programs

-- no debconf information

---------------------------------------
Received: (at 342782-done) by bugs.debian.org; 11 Jan 2006 10:34:47 +0000
>From [EMAIL PROTECTED] Wed Jan 11 02:34:47 2006
Return-path: <[EMAIL PROTECTED]>
Received: from kabuto.elmundo.es ([193.110.128.11] helo=mail.elmundo.es)
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1EwdJX-0006Ac-6i
        for [EMAIL PROTECTED]; Wed, 11 Jan 2006 02:34:47 -0800
Received: from xanes.el-mundo.int (xanes.elmundo.int [10.5.222.50])
        by mail.elmundo.es (Postfix) with ESMTP
        id 81BC434F87; Wed, 11 Jan 2006 11:34:47 +0100 (CET)
Received: by xanes.el-mundo.int (Postfix, from userid 65500)
        id C3AAA17315; Wed, 11 Jan 2006 11:34:45 +0100 (CET)
Received: from ip6-localhost (localhost [127.0.0.1])
        by xanes.el-mundo.int (Postfix) with ESMTP
        id 4B0BD17313; Wed, 11 Jan 2006 11:34:45 +0100 (CET)
From: David =?iso-8859-1?q?Mart=EDnez_Moreno?= <[EMAIL PROTECTED]>
Organization: Debian
To: Vincent Lefevre <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#342782: xterm -e ./cmd tries to find a wrong program cmd and 
crashes
Date: Wed, 11 Jan 2006 11:34:43 +0100
User-Agent: KMail/1.8.3
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart12923712.YzOU6udZRb";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <[EMAIL PROTECTED]>
X-Bogosity: No, tests=bogofilter, spamicity=0.451764, version=0.10.3
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

--nextPart12923712.YzOU6udZRb
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Version: 208-1

El s=E1bado, 10 de diciembre de 2005 13:10, Vincent Lefevre escribi=F3:
[...]
> As shown by strace -f, "xterm -e ./cmd" tries to access cmd found in
> $PATH (ignoring ".") instead of cmd found in the current directory.
>
> If cmd isn't found, xterm just segfaults. In particular, this breaks
> rox, which tries to compile in an xterm with a command of the form
> "xterm -e ./relative_path_to/AppRun --compile".
>
> If cmd is found, fortunately xterm doesn't seem to try to execute
> this program (this would have been a security hole), but executes
> the correct one.

        This bug is fixed in xterm version 208-1 and later, now in unstable.

        Best regards,


                Ender.
=2D-=20
We accidentally replaced your heart with a baked potato. You have
 about three seconds to live.
                -- Dr. Doctor to Kenny (South Park).
=2D-
Desarrollador de Debian
Debian developer

--nextPart12923712.YzOU6udZRb
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQBDxN9DWs/EhA1iABsRAqA9AJ48yuzfKZSujNsnkg4g16ZBDaBDWgCeOBvz
5QAMozV3RY1LeEncSyP+N0Y=
=Nyfr
-----END PGP SIGNATURE-----

--nextPart12923712.YzOU6udZRb--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#342782: marked as done (xterm -e ./cmd tries to find a wrong program cmd and crashes)

Reply via email to