Skip to main content
Explore
Sign in
Explore
Snippets Groups Projects
Commit c4de747a authored by chrfranke's avatar chrfranke
Browse files

Don't pass possible command escapes to the 'mail' command (#1535). 

The 'mail' command from GNU mailutils < 3.13 processes '~! COMMAND'
even if used non-interactively (https://savannah.gnu.org/bugs/?60937).

smartd.cpp: Sanitize device identify information which is passed to
SMART_DEVICEINFO environment variable and written to syslog.

smartd_warning.sh.in: Abort script if a message line begins with a
possible command escape.

Thanks to 0x3l leox14@protonmail.com for reporting this security issue.

git-svn-id: https://svn.code.sf.net/p/smartmontools/code/trunk@5238 4ea69e1a-61f1-4043-bf83-b5c94c648137
parent 5fa52b82
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment

AEI Privacy Policy Imprint