Bug#882222: Document security problems with system.3 and popen.3 (argument injection)

2017-11-23 Thread Michael Kerrisk (man-pages)
Hello Bastien On 22 November 2017 at 14:53, Bastien ROUCARIES wrote: > On Wed, Nov 22, 2017 at 2:45 PM, Michael Kerrisk (man-pages) > wrote: >>> Could you also warn about popen ? >> >> I already added a cross reference from popen(3) to the Caveats section >> in system(3). I should have mentioned

Bug#882222: Document security problems with system.3 and popen.3 (argument injection)

2017-11-22 Thread Bastien ROUCARIES
On Wed, Nov 22, 2017 at 2:45 PM, Michael Kerrisk (man-pages) wrote: >> Could you also warn about popen ? > > I already added a cross reference from popen(3) to the Caveats section > in system(3). I should have mentioned that before. > >> And mention that system(sprintf("command %s")) is a security

Bug#882222: Document security problems with system.3 and popen.3 (argument injection)

2017-11-22 Thread Michael Kerrisk (man-pages)
> Could you also warn about popen ? I already added a cross reference from popen(3) to the Caveats section in system(3). I should have mentioned that before. > And mention that system(sprintf("command %s")) is a security hole That seems obviously dangerous. But don't you think it is covered by t

Bug#882222: Document security problems with system.3 and popen.3 (argument injection)

2017-11-22 Thread Bastien ROUCARIES
On Wed, Nov 22, 2017 at 10:58 AM, Michael Kerrisk (man-pages) wrote: > Hello Tobias, and Bastien, > > On 22 November 2017 at 09:52, Dr. Tobias Quathamer wrote: >> control: severity -1 important >> >> Am 20.11.2017 um 12:29 schrieb Bastien ROUCARIES: >>> Please document the implication of system.3

Bug#882222: Document security problems with system.3 and popen.3 (argument injection)

2017-11-22 Thread Michael Kerrisk (man-pages)
Hello Tobias, and Bastien, On 22 November 2017 at 09:52, Dr. Tobias Quathamer wrote: > control: severity -1 important > > Am 20.11.2017 um 12:29 schrieb Bastien ROUCARIES: >> Please document the implication of system.3 and popen.3, particularly >> argument injection. > Hi, > > thanks for the bug

Bug#882222: Document security problems with system.3 and popen.3 (argument injection)

2017-11-22 Thread Dr. Tobias Quathamer
control: severity -1 important Am 20.11.2017 um 12:29 schrieb Bastien ROUCARIES: > Please document the implication of system.3 and popen.3, particularly > argument injection. Hi, thanks for the bug report, I'll take this upstream and we'll see how to get this better documented. Do you have a patc

Bug#882222: Document security problems with system.3 and popen.3 (argument injection)

2017-11-20 Thread Bastien ROUCARIES
Package: manpages-dev Version: 4.13-3 Severity: grave Tags: security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org Justification: more than 20 security bugs filled in other package control: clone -1 -2 control: reaffect -2 glibc-doc Please document the implication of system.3 and pope