subject:"Bug#813164\: This is, in fact, dangerous"

Bug#813164: This is, in fact, dangerous

2016-02-16 Thread Wouter Verhelst

On Tue, Feb 16, 2016 at 10:32:48AM +0100, Ansgar Burchardt wrote: > Wouter Verhelst writes: > > With the ls version before this change, J. Random Inexperienced Hacker > > would see that there are multiple file names on a single line in the > > output of ls, decide that ls output is

Bug#813164: This is, in fact, dangerous

2016-02-16 Thread Ansgar Burchardt

Wouter Verhelst writes: > With the ls version before this change, J. Random Inexperienced Hacker > would see that there are multiple file names on a single line in the > output of ls, decide that ls output is too difficult to parse, and move > on to something else (probably find or

Bug#813164: This is, in fact, dangerous

2016-02-16 Thread Wouter Verhelst

A change like this invites security bugs: J. Random Inexperienced Hacker writes a shell script. He doesn't know that there is such a thing as the isatty() system call, and therefore doesn't realize that it is even *possible* to change the output of a command based on whether standard output

Bug#813164: This is, in fact, dangerous

Bug#813164: This is, in fact, dangerous

Bug#813164: This is, in fact, dangerous

3 matches

Site Navigation

Mail list logo

Footer information