clarified the vulnerability with bzgrep

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@6705 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
author: Ken Moffat <ken@linuxfromscratch.org> 2005-08-18 16:38:11 +0000
committer: Ken Moffat <ken@linuxfromscratch.org> 2005-08-18 16:38:11 +0000
commit: 4c2d97d817a5ad4e89d982f4bd62e25307468de3 (patch)
tree: 39f9ec82da4a607be83d8f0c5e6c4648045862dd /chapter06
parent: 50125deceb3d25c05af8acc74aebd0e990845386 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/chapter06/bzip2.xml b/chapter06/bzip2.xml
index 6b401650f..bf13936c0 100644
--- a/chapter06/bzip2.xml
+++ b/chapter06/bzip2.xml
@@ -36,8 +36,10 @@ GCC, Glibc, and Make</seg></seglistitem>
 
 <screen><userinput>patch -Np1 -i ../&bzip2-docs-patch;</userinput></screen>
 
-<para><command>Bzgrep</command> fails to sufficiently sanitise filenames passed
-to it. Apply the following to address this:</para>
+<para><command>Bzgrep</command> does not escape '|' and '&amp;' in filenames passed
+to it. This allows arbitrary commands to be executed with the privileges of the
+user running <command>bzgrep</command>. Apply the following to address this:
+</para>
 
 <screen><userinput>patch -Np1 -i ../&bzip2-bzgrep-patch;</userinput></screen>
author	Ken Moffat <ken@linuxfromscratch.org>	2005-08-18 16:38:11 +0000
committer	Ken Moffat <ken@linuxfromscratch.org>	2005-08-18 16:38:11 +0000
commit	4c2d97d817a5ad4e89d982f4bd62e25307468de3 (patch)
tree	39f9ec82da4a607be83d8f0c5e6c4648045862dd /chapter06
parent	50125deceb3d25c05af8acc74aebd0e990845386 (diff)