| commit | f4a811d0a1fafb3d7b0e7f514d85916ae3933942 | |
| author | Joey Hess <joeyh@joeyh.name> | |
| Tue, 28 Sep 2021 12:12:42 +0000 (28 08:12 -0400) | ||
| committer | Joey Hess <joeyh@joeyh.name> | |
| Tue, 28 Sep 2021 12:12:42 +0000 (28 08:12 -0400) | ||
| tree | 6518039d2c02503f4b087125bc9bdc5c98c82088 | treesnapshot (tar.gz zip) |
| parent | 6140dbc815ef70b11982ff1ed7b3885426e30dda | commitdiff |
ifne.1: Improve example that pipes to mail to avoid escape sequences
As recently seen in fail2ban's security hole (CVE-2021-32749),
piping user controlled input to mail is exploitable,
since a line starting with "~! foo" in the input will run command foo.
A core file named like that is not impossible, so guard against it in this
example.
Sponsored-by: Jack Hill on Patreon
As recently seen in fail2ban's security hole (CVE-2021-32749),
piping user controlled input to mail is exploitable,
since a line starting with "~! foo" in the input will run command foo.
A core file named like that is not impossible, so guard against it in this
example.
Sponsored-by: Jack Hill on Patreon
| debian/changelog | diffblobblamehistory | |
| ifne.docbook | diffblobblamehistory |