[debhelper-devel] Bug#746931: debhelper: dh_shlibdeps does not handle files with special characters in their names
Chow Loong Jin
hyperair at debian.org
Sun May 4 03:49:36 UTC 2014
Package: debhelper
Version: 9.20131227ubuntu1
Severity: important
Dear Maintainer,
When having ELF binaries that start with $, e.g. "/usr/lib/blah/$foobar",
dh_shlibdeps silently ignores it, presumably due to the way it invokes "file" to
check if the binary is an ELF.
$ff=`file "$file"`;
This seems like something that could potentially result in sh injection if it
encounters a specially tailored filename.
-- System Information:
Debian Release: jessie/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14.2-hyper1 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages debhelper depends on:
ii binutils 2.24-5ubuntu3
ii dh-apparmor 2.8.95~2430-0ubuntu5
ii dpkg 1.17.5ubuntu5.2
ii dpkg-dev 1.17.5ubuntu5.2
ii file 1:5.14-2ubuntu3
ii man-db 2.6.7.1-1
ii perl 5.18.2-2ubuntu1
ii po-debconf 1.0.16+nmu2ubuntu1
debhelper recommends no packages.
Versions of packages debhelper suggests:
ii dh-make 0.63
-- no debconf information
--
Kind regards,
Loong Jin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20140504/3096461f/attachment.sig>
More information about the debhelper-devel
mailing list