[bug-patch] ed scripts allow arbitrary code execution

bug-patch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-patch] ed scripts allow arbitrary code execution

From:	rain1
Subject:	[bug-patch] ed scripts allow arbitrary code execution
Date:	Thu, 05 Apr 2018 20:18:05 +0100
User-agent:	Roundcube Webmail/1.3.3

Hello.

From responses to the 'beep' bug it was noticed that GNU patch files canresult in arbitrary code execution via 'ed'. [1]<http://rachelbythebay.com/w/2018/04/05/bangpatch/>


Included is a patch that removes that dangerous feature.

0001-Remove-the-ed-script-feature-for-security-reasons.-A.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-patch] ed scripts allow arbitrary code execution, rain1 <=
- [bug-patch] ed scripts allow arbitrary code execution, rain1, 2018/04/06
  - Re: [bug-patch] ed scripts allow arbitrary code execution, Bruno Haible, 2018/04/06
  - Re: [bug-patch] ed scripts allow arbitrary code execution, Andreas Grünbacher, 2018/04/06

Next by Date: [bug-patch] ed scripts allow arbitrary code execution
Next by thread: [bug-patch] ed scripts allow arbitrary code execution
Index(es):
- Date
- Thread