After looking at this for quite a while, I am not convinced there's
an issue here. %e is returned as just the basename of the executable
path, and %t and %E seem even less problematic.
If you think there's an issue, it would be good to show a worked
example of how an "innocent" core_pattern pipe

Package: manpages
Version: 3.71-1
Severity: normal

Hello,
man 5 core gingerly mentions piping core dumps to a program and using %
specifiers as arguments. It does not, however, mention their escaping,
or lack thereof.
I am not terribly bothered by scenarios like this here:

On Wed, Oct 08, 2014 at 10:02:52AM +0200, Enrico Zini wrote:
%e, %E and %h look harmful to me in that way, with a risk of opening
user-exploitable vulnerabilities:
It's also worth mentioning that most of that information can be found
anyway, and in a safer way, via /proc/%p/, but that