Bruno Haible wrote:
> Hi Jim,
>
>> Ok to apply the patch below?
>> Without it, anyone can make nearly any coreutils program segfault
>> with this simple recipe:
>>
>> printf '%s\n' '#include <unistd.h>' 'int main(int c, char**v)' \
>> '{ execve (v[1], 0, 0); }' > k.c && gcc k.c && ./a.out /bin/cat
Unfortunately you can still make the programs segfault
by passing 1 rather than 0 for example. We've only seen
NULL for now, but I'm not sure what's actually doing that,
or how common it is.
cheers,
Pádraig.
