Re: chmod: range checks

2014-12-12 Thread Tobias Stoeckmann
On Fri, Dec 12, 2014 at 10:42:21AM -0800, patrick keshishian wrote:
> Just throwing this out there: will this program ever get
> installed with filename shorter than ch{grp,mod,own,flags}?

No. It's still a form of input validation. Therefore, it should be done. And a user can create such a link

Re: chmod: range checks

2014-12-12 Thread patrick keshishian
On Fri, Dec 12, 2014 at 10:45:04AM -0700, Todd C. Miller wrote:
> On Fri, 12 Dec 2014 18:16:35 +0100, Tobias Stoeckmann wrote:
>
> > chmod doesn't check if the program name is at least 3 characters long
> > before checking its index 2.
>
> OK.

Just throwing this out there: will this program ever

Re: chmod: range checks

2014-12-12 Thread Todd C. Miller
On Fri, 12 Dec 2014 18:16:35 +0100, Tobias Stoeckmann wrote:
> chmod doesn't check if the program name is at least 3 characters long
> before checking its index 2.

OK.

> Also, there is a compiler warning about signed vs unsigned when "val"
> is used. In one instance, it's used with strtoul, in

chmod: range checks

2014-12-12 Thread Tobias Stoeckmann
Hi,

chmod doesn't check if the program name is at least 3 characters long before checking its index 2.

Also, there is a compiler warning about signed vs unsigned when "val" is used. In one instance, it's used with strtoul, in another with strtol, checking its ranges. It's okay due to automatic