Diffstat (limited to 'chapter06')
-rw-r--r-- | chapter06/bzip2.xml | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/chapter06/bzip2.xml b/chapter06/bzip2.xml index 6b401650f..bf13936c0 100644 --- a/chapter06/bzip2.xml +++ b/chapter06/bzip2.xml @@ -36,8 +36,10 @@ GCC, Glibc, and Make</seg></seglistitem> <screen><userinput>patch -Np1 -i ../&bzip2-docs-patch;</userinput></screen> -<para><command>Bzgrep</command> fails to sufficiently sanitise filenames passed -to it. Apply the following to address this:</para> +<para><command>Bzgrep</command> does not escape '|' and '&' in filenames passed +to it. This allows arbitrary commands to be executed with the privileges of the +user running <command>bzgrep</command>. Apply the following to address this: +</para> <screen><userinput>patch -Np1 -i ../&bzip2-bzgrep-patch;</userinput></screen> |
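Review bot: The added line "does not escape '|' and '&' in filenames passed" in the rewritten <para> carries a bare ampersand as it appears here. Everywhere else in this hunk, & only starts an entity reference such as &bzip2-bzgrep-patch;, so a literal & followed by a quote is not well-formed XML and the chapter will not parse. Write it as &amp;, and consider wrapping both characters in <literal> so they stand out from the surrounding prose. The new wording itself is an improvement, since it names the unescaped characters and states the impact (command execution with the privileges of the user running bzgrep) instead of the earlier vague "fails to sufficiently sanitise". A minor style point: the closing </para> now sits on its own line, unlike the paragraph it replaces.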