Browse Source

When including the listing of a directory in root's security mail, pass the

-q flag to ls(1) so that non-printable characters will appear as '?'. This
prevents a malicious user from fooling the administrator into thinking the
contents of a file name are actually valid script output (note that you can
put newlines in file names); deraadt@ ok
OPENBSD_2_8
aaron 24 years ago
parent
commit
0a2ee57885
1 changed files with 2 additions and 2 deletions
  1. +2
    -2
      src/etc/security

+ 2
- 2
src/etc/security View File

@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $OpenBSD: security,v 1.38 2000/07/23 19:49:17 rohee Exp $
# $OpenBSD: security,v 1.39 2000/10/06 17:35:30 aaron Exp $
# from: @(#)security 8.1 (Berkeley) 6/9/93 # from: @(#)security 8.1 (Berkeley) 6/9/93
# #
@ -18,7 +18,7 @@ OUTPUT=$DIR/_secure6
if ! mkdir $DIR ; then if ! mkdir $DIR ; then
printf "tmp directory %s already exists, looks like:\n" $DIR printf "tmp directory %s already exists, looks like:\n" $DIR
ls -alF $DIR
ls -alqF $DIR
exit 1 exit 1
fi fi


Loading…
Cancel
Save