On Mon, Mar 18, 2019 at 05:10:36PM -0300, Jesse Smith wrote:

> I have been playing around with this a little and believe I have come up
> with a workable solution. The attached patch causes the passed in format
> string to be dumbed down so that we only translate instances of %d into
> the PID and \n into newline characters. Everything else is treated as a
> literal part of the string.
>
> This effectively should neutralize any use of %s %c %f etc to cause a
> segfault or dump memory. (Hopefully.)

Now just my2cents: if the only thing the flag does is accept '%d' and '\n', logic would suggest that the flag is not particularly useful, since this kind of formatting can (and should) be done downstream, by sed/awk/whatever. Adding 40 lines of code just to check that the user has asked pidof to print a PID as an integer looks like an unneeded convolution to me.

Sorry for the noise, but I think unix is much better than that :\

My2Cents

KatolaZ

-- 
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
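Added example, not part of the original thread and not the attached patch: a minimal C sketch of the approach the quoted message describes, where only `%d` and the two-character sequence `\n` are interpreted and the user-supplied string is never passed to `printf()` as a format. The function name `expand_pid_format` and the buffer sizes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Expand fmt into out: "%d" becomes the PID, the two characters '\' 'n'
 * become a newline, and every other byte is copied literally. The
 * user-controlled string is never handed to printf() as a format.
 * Returns 0 on success, -1 if the result does not fit in outsz bytes
 * (the contents of out are then unspecified). */
int expand_pid_format(const char *fmt, long pid, char *out, size_t outsz)
{
    size_t used = 0;

    if (outsz == 0)
        return -1;
    while (*fmt != '\0') {
        if (fmt[0] == '%' && fmt[1] == 'd') {
            /* Fixed format string; only the value is variable. */
            int n = snprintf(out + used, outsz - used, "%ld", pid);
            if (n < 0 || (size_t)n >= outsz - used)
                return -1;
            used += (size_t)n;
            fmt += 2;
            continue;
        }
        if (used + 1 >= outsz)      /* keep room for the terminator */
            return -1;
        if (fmt[0] == '\\' && fmt[1] == 'n') {
            out[used++] = '\n';
            fmt += 2;
        } else {
            out[used++] = *fmt++;   /* %s, %n, %x ... stay literal text */
        }
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    /* Constructed sample input containing conversions other than %d. */
    if (expand_pid_format("pid=%d %s%n%x\\n", 1234, buf, sizeof buf) == 0)
        fputs(buf, stdout);
    return 0;
}
```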