On Wed, 9 Mar 2005, Tomasz Kojm wrote:

>> In particular, I am thinking of supporting at least:
>>
>> %f - infected filename
>
> It was already supported but has been removed due to security issues.

>> Why is this a security issue?
>
> Because it's hard to implement in a secure way. Read the change log, google, ...


Yeah, I read the security alert.

Well, the problem really stems from the use of the system() function. A proper solution would _not_ use the shell interpreter, but rather exec() a program directly. But that could break existing configurations out there.

Another approach is to guarantee that the %f string is properly quoted and escaped. That's a little hard, but not really impossible. You just have to wrap the filename in single quotes, and for each single quote token encountered in the filename string, replace it with: '"'"' (which evaluates to a single quote ultimately).

What if I were to provide such an implementation? Would it ever be considered for inclusion into clamd or is it out of the question? I really think %f, along with other things (such as % tokens specific to clamuko) could be very useful...

-Calin
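The two approaches Calin sketches above, as an added example that is not part of the original thread or of ClamAV's own code: shell_quote() implements the single-quote wrapping with each embedded ' rewritten as '"'"', expand_event() substitutes it into a hypothetical VirusEvent-style template (the "%f" token is from the thread; the "%%" escape and the function names are assumptions made here), and run_argv() shows the no-shell alternative, fork() plus execvp() with the filename as its own argv element. The hostile filename in main() is constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Append one byte to out, always keeping room for the terminating NUL.
 * Returns 0 on success, -1 if out is full. */
static int put(char *out, size_t outsz, size_t *n, char c)
{
    if (*n + 1 >= outsz)
        return -1;
    out[(*n)++] = c;
    out[*n] = '\0';
    return 0;
}

/* Quote name for /bin/sh: wrap it in single quotes and rewrite every
 * embedded single quote as '"'"' (close the quotes, emit a double-quoted
 * single quote, reopen). No other byte is special inside single quotes,
 * so nothing else needs escaping. Returns the quoted length, or -1 if
 * out is too small. */
long shell_quote(const char *name, char *out, size_t outsz)
{
    size_t n = 0;
    if (put(out, outsz, &n, '\'')) return -1;
    for (const char *p = name; *p; p++) {
        if (*p == '\'') {
            for (const char *e = "'\"'\"'"; *e; e++)
                if (put(out, outsz, &n, *e)) return -1;
        } else if (put(out, outsz, &n, *p)) {
            return -1;
        }
    }
    if (put(out, outsz, &n, '\'')) return -1;
    return (long)n;
}

/* Expand a hypothetical event template: %f -> quoted filename, %% -> %.
 * Any other %x is copied through unchanged. Returns the length or -1. */
long expand_event(const char *tmpl, const char *fname, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (const char *p = tmpl; *p; p++) {
        if (*p == '%' && p[1] == 'f') {
            long q = shell_quote(fname, out + n, outsz - n);
            if (q < 0) return -1;
            n += (size_t)q;
            p++;
        } else if (*p == '%' && p[1] == '%') {
            if (put(out, outsz, &n, '%')) return -1;
            p++;
        } else if (put(out, outsz, &n, *p)) {
            return -1;
        }
    }
    return (long)n;
}

/* The no-shell alternative: execvp() the program directly with the
 * filename as one argv element, so shell syntax in the name is never
 * parsed. Returns the child's exit status, or -1 on failure. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed hostile filename: an embedded quote and a backtick command. */
    const char *evil = "it's`id`.exe";
    char cmd[256];

    /* Quoted for system(): the backticks end up inside single quotes. */
    if (expand_event("/usr/local/bin/notify %f", evil, cmd, sizeof cmd) < 0)
        return 1;
    printf("%s\n", cmd);

    /* Without a shell: the name is argv[2], there is nothing to interpret. */
    char *argv[] = { "/bin/echo", "infected:", (char *)evil, NULL };
    return run_argv(argv) == 0 ? 0 : 1;
}
```

The quoting route keeps existing "%f" configurations working; the argv route is the one to prefer when breaking them is acceptable, since it removes the shell from the path altogether rather than relying on the escaping being exact.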




_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
