incron does not properly handle filenames containing spaces
Michael Wood
esiotrot at gmail.com
Fri Jun 5 15:29:24 UTC 2009
Package: incron
Version: 0.5.7-1
Severity: normal
Assuming a rule like this:
/path IN_CLOSE_WRITE cmd $#
When a file called "file with spaces" is created in /path, cmd will be
invoked with three arguments: "file", "with" and "spaces" instead of a
single argument of "file with spaces".
This could cause cmd to process the wrong file and so could potentially
be a security risk depending on the details.
-- System Information:
Debian Release: lenny/sid
APT prefers hardy
APT policy: (500, 'hardy')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-14-generic (SMP w/2 CPU cores)
Locale: LANG=en_ZA.UTF-8, LC_CTYPE=en_ZA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages incron depends on:
ii adduser 3.105ubuntu1 add and remove users and groups
ii libc6 2.7-10ubuntu3 GNU C Library: Shared libraries
ii libgcc1 1:4.2.3-2ubuntu7 GCC support library
ii libstdc++6 4.2.3-2ubuntu7 The GNU Standard C++ Library v3
ii lsb-base 3.2-4ubuntu1 Linux Standard Base 3.2 init scrip
incron recommends no packages.
-- no debconf information
--
Michael Wood <esiotrot at gmail.com>
More information about the ubuntu-users
mailing list