FIXED: bug in src/more/more.c
utzoo!decvax!ucbvax!dist2
utzoo!decvax!ucbvax!dist2
Sun Dec 6 02:58:31 AEST 1981
There is a bug in "more" which raises its ugly head when the input
to more is a pipe, and a shell escape is performed. The piped input
becomes piped to the shell escape causing all sorts of mysterious
results, at least when the shell escape reads standard input.
This problem commonly appears reading netnews. The fix is simple --
if stdin is not from a tty, it must be closed before exec'ing the
shell escape.
I know of some sites which take advantage of this bug to allow free logins
to use more without worrying about the security problems inherent with being
able to fork subshells. Nevertheless, it is a bug and exists in 4.1BSD as
well. The suggested fix works as well as anything:
diff src/more/more.c.old src/more/more.c
1077a1078,1081
> if (no_intty) {
> close(0);
> dup(2);
> }
This change is necessary on tapes written before 12/5/81.
Carl
More information about the Comp.bugs.2bsd
mailing list