man-db-cvs

man-db docs/ChangeLog src/man.c src/manp.c src/...


From: Colin Watson
Subject: man-db docs/ChangeLog src/man.c src/manp.c src/...
Date: Fri, 01 Aug 2003 17:07:39 -0400

CVSROOT:        /cvsroot/man-db
Module name:    man-db
Branch:         
Changes by:     Colin Watson <address@hidden>   03/08/01 17:07:39

Modified files:
        docs           : ChangeLog 
        src            : man.c manp.c manp.h straycats.c whatis.c 

Log message:
        Fix vulnerability due to over-permissiveness of DEFINE directive.
        
        * src/manp.c (DEFINE_USER): New list flag.
        (get_def): Note that this must not return DEFINEs set in
        ~/.manpath.
        (get_def_user): New function, which may return DEFINEs set in
        ~/.manpath.
        (add_def): Use DEFINE or DEFINE_USER depending on context.
        (add_to_dirlist): Update call to add_def().
        * src/manp.h (get_def_user): Add prototype.
        
        * src/man.c (main): pager and cat are safe for the user to define.
        (make_display_command): cat, tr, and decompressor are safe.
        * src/straycats.c (check_for_stray): col and decompressor are safe.
        * src/whatis.c (use_grep): whatis_grep_flags,
        apropos_regex_grep_flags, apropos_grep_flags, and grep are safe.

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/man-db/man-db/docs/ChangeLog.diff?tr1=1.347&tr2=1.348&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/man-db/man-db/src/man.c.diff?tr1=1.98&tr2=1.99&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/man-db/man-db/src/manp.c.diff?tr1=1.31&tr2=1.32&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/man-db/man-db/src/manp.h.diff?tr1=1.8&tr2=1.9&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/man-db/man-db/src/straycats.c.diff?tr1=1.16&tr2=1.17&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/man-db/man-db/src/whatis.c.diff?tr1=1.32&tr2=1.33&r1=text&r2=text
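
The split described in the log message, as an added C sketch that is not man-db's source: the flag and function names (`DEFINE`, `DEFINE_USER`, `add_def`, `get_def`, `get_def_user`) come from the log, while the signatures, bodies, lookup order and the `helper` entry are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Names follow the log message; signatures and bodies are assumptions,
 * not man-db's source. */
enum def_flag { DEFINE, DEFINE_USER };
struct def { const char *name, *value; enum def_flag flag; };
static struct def defs[32];
static size_t ndefs;

/* Record a definition; from_user is nonzero while reading ~/.manpath. */
static int add_def(const char *name, const char *value, int from_user)
{
    if (ndefs == sizeof defs / sizeof defs[0])
        return -1;
    defs[ndefs++] = (struct def){ name, value, from_user ? DEFINE_USER : DEFINE };
    return 0;
}

static const char *lookup(const char *name, enum def_flag flag)
{
    for (size_t i = 0; i < ndefs; i++)
        if (defs[i].flag == flag && strcmp(defs[i].name, name) == 0)
            return defs[i].value;
    return NULL;
}

/* Must not return anything set in ~/.manpath: only DEFINE entries match. */
static const char *get_def(const char *name, const char *fallback)
{
    const char *v = lookup(name, DEFINE);
    return v ? v : fallback;
}

/* For names reviewed as safe for the user to set: user value, then system. */
static const char *get_def_user(const char *name, const char *fallback)
{
    const char *v = lookup(name, DEFINE_USER);
    return v ? v : get_def(name, fallback);
}

int main(void)
{
    add_def("helper", "/usr/bin/helper", 0); /* constructed system entry */
    add_def("helper", "/tmp/helper", 1);     /* constructed ~/.manpath entry */
    add_def("pager", "more", 1);             /* constructed ~/.manpath entry */
    return strcmp(get_def("helper", ""), "/usr/bin/helper") != 0
        || strcmp(get_def_user("pager", "less"), "more") != 0;
}
```
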




