[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

man-db docs/ChangeLog src/man.c src/manp.c src/...

From: Colin Watson
Subject: man-db docs/ChangeLog src/man.c src/manp.c src/...
Date: Fri, 01 Aug 2003 17:07:39 -0400

CVSROOT:        /cvsroot/man-db
Module name:    man-db
Changes by:     Colin Watson <address@hidden>   03/08/01 17:07:39

Modified files:
        docs           : ChangeLog 
        src            : man.c manp.c manp.h straycats.c whatis.c 

Log message:
        Fix vulnerability due to over-permissiveness of DEFINE directive.
        * src/manp.c (DEFINE_USER): New list flag.
        (get_def): Note that this must not return DEFINEs set in
        (get_def_user): New function, which may return DEFINEs set in
        (add_def): Use DEFINE or DEFINE_USER depending on context.
        (add_to_dirlist): Update call to add_def().
        * src/manp.h (get_def_user): Add prototype.
        * src/man.c (main): pager and cat are safe for the user to define.
        (make_display_command): cat, tr, and decompressor are safe.
        * src/straycats.c (check_for_stray): col and decompressor are safe.
        * src/whatis.c (use_grep): whatis_grep_flags,
        apropos_regex_grep_flags, apropos_grep_flags, and grep are safe.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]