From db@trunet.dk  Wed Sep 21 12:57:04 2005
Return-Path: <db@trunet.dk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F098E16A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 21 Sep 2005 12:57:04 +0000 (GMT)
	(envelope-from db@trunet.dk)
Received: from cicero1.cybercity.dk (cicero1.cybercity.dk [212.242.40.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 91FFF43D45
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 21 Sep 2005 12:57:04 +0000 (GMT)
	(envelope-from db@trunet.dk)
Received: from user3.cybercity.dk (user3.cybercity.dk [212.242.41.36])
	by cicero1.cybercity.dk (Postfix) with ESMTP id 70BFF7E2D91
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 21 Sep 2005 14:57:02 +0200 (CEST)
Received: from work.trunet.dk (port132.ds1-arsy.adsl.cybercity.dk [212.242.239.73])
	by user3.cybercity.dk (Postfix) with ESMTP id 2911F93C2A
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 21 Sep 2005 14:57:02 +0200 (CEST)
Message-Id: <1127314725.0@work.trunet.dk>
Date: Wed, 21 Sep 2005 14:58:45 -0000
From: "Daniel Blankensteiner" <db@trunet.dk>
To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@freebsd.org>
Subject: /usr/bin/more segmentation fault
X-Send-Pr-Version: gtk-send-pr 0.4.6 
X-GNATS-Notify:

>Number:         86405
>Category:       bin
>Synopsis:       more(1) segmentation fault
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 21 13:00:23 GMT 2005
>Closed-Date:    
>Last-Modified:  Thu May 01 07:12:52 UTC 2008
>Originator:     Daniel Blankensteiner
>Release:        FreeBSD 5.4-SECURITY i386
>Organization:
>Environment:


System: FreeBSD 5.4-SECURITY #0: Wed Jul 20 08:57:11 UTC 2005
    root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC



>Description:


Using the 'k' option can make /usr/bin/more segmentation fault with some files. Try with wxglade-0.4-setup.exe from http://sourceforge.net/projects/wxglade



>How-To-Repeat:


more -k wxglade-0.4-setup.exe


>Fix:





>Release-Note:
>Audit-Trail:

From: Giorgos Keramidas <keramida@freebsd.org>
To: Daniel Blankensteiner <db@trunet.dk>
Cc: bug-followup@freebsd.org
Subject: Re: bin/86405: /usr/bin/more segmentation fault
Date: Wed, 21 Sep 2005 17:22:53 +0300

 On 2005-09-21 14:58, Daniel Blankensteiner <db@trunet.dk> wrote:
 > Using the 'k' option can make /usr/bin/more segmentation fault with
 > some files. Try with wxglade-0.4-setup.exe from
 > http://sourceforge.net/projects/wxglade
 >
 > more -k wxglade-0.4-setup.exe
 
 Interesting.  Since our more(1) is basically a hard link to less(1)
 
 flame:/home/keramida$ ls -ldi `which more` `which less`
 400974 -r-xr-xr-x  2 root  wheel  - 115128 Sep 21 10:21 /usr/bin/less
 400974 -r-xr-xr-x  2 root  wheel  - 115128 Sep 21 10:21 /usr/bin/more
 flame:/home/keramida$
 
 it would be nice to check newer versions of less (i.e. from the ports?)
 and see if this is fixed already upstream.
 

From: Nate Eldredge <nge@cs.hmc.edu>
To: bug-followup@FreeBSD.org, db@trunet.dk
Cc:  
Subject: Re: bin/86405: /usr/bin/more segmentation fault
Date: Thu, 13 Oct 2005 16:24:39 -0700 (PDT)

 I think this might be a case of "don't do that".  -k tells more/less to 
 read its keybindings from the specified file.  This is in a special format 
 generated by the lesskey program.  A comment at decode.c:666 admits that 
 minimal error checking is done and a bad file will "produce strange 
 results".  Given that this is a problem that can only arise through 
 intentional misuse, I don't think anyone is going to be that interested in 
 fixing it.  If you want to do so, I would suggest you deal with the 
 upstream people.
 
 It shouldn't be a security problem since if you can run less, you can 
 already execute arbitrary commands (try the ! command inside less).  less 
 does have a "secure" mode in which these things are disabled, and in that 
 case the -k option is disabled as well.
 
 All IMHO.
 
 -- 
 Nate Eldredge
 nge@cs.hmc.edu
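Added example, not part of the thread or of less itself: a bounds-checked pre-check of a lesskey file's section framing, the kind of validation the comment referred to above says is mostly absent, which a wrapper could run before handing a file to -k. Assumptions, recalled from the less sources and not stated in this thread: the file starts with the bytes \0 M + G, ends with "End", and holds sections tagged 'c', 'e' or 'v', each followed by a two-byte length (low digit first, radix 64), closed by an 'x' tag; lesskey_check and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <string.h>

#define KRADIX 64   /* radix of the 2-byte section length (assumed, see lead-in) */

/* Hypothetical pre-check: returns 0 when buf has the framing of a
 * magic-prefixed lesskey file, -1 otherwise. Table contents are not parsed. */
int lesskey_check(const unsigned char *buf, size_t len)
{
    static const unsigned char magic[4] = { 0, 'M', '+', 'G' };
    size_t i = sizeof(magic), end, n;

    if (buf == NULL || len < sizeof(magic) + 1 + 3)
        return -1;                  /* too short for header, 'x' and "End" */
    if (memcmp(buf, magic, sizeof(magic)) != 0)
        return -1;                  /* not lesskey output (e.g. an .exe) */
    if (memcmp(buf + len - 3, "End", 3) != 0)
        return -1;                  /* trailer missing: truncated file */
    end = len - 3;
    while (i < end) {
        unsigned char tag = buf[i++];
        if (tag == 'x')
            return 0;               /* end-of-sections marker reached */
        if (tag != 'c' && tag != 'e' && tag != 'v')
            return -1;              /* unknown section type */
        if (end - i < 2)
            return -1;              /* no room for the length field */
        n = (size_t)buf[i] + (size_t)buf[i + 1] * KRADIX;
        i += 2;
        if (n > end - i)
            return -1;              /* declared length runs past the data */
        i += n;                     /* skip the table, stay inside the buffer */
    }
    return -1;                      /* data ended before the 'x' marker */
}

/* Constructed samples, not taken from the thread. */
const unsigned char sample_ok[] =
    { 0, 'M', '+', 'G', 'c', 3, 0, 'a', 'b', 0, 'x', 'E', 'n', 'd' };
const unsigned char sample_overrun[] =      /* length 60 + 1*64 = 124 */
    { 0, 'M', '+', 'G', 'c', 60, 1, 'a', 'x', 'E', 'n', 'd' };
const unsigned char sample_exe[] =          /* "MZ" header, no lesskey magic */
    { 'M', 'Z', 0x90, 0, 3, 0, 0, 0, 'E', 'n', 'd' };
```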

From: "db@trunet.dk" <db@trunet.dk>
To: Nate Eldredge <nge@cs.hmc.edu>, bug-followup@freebsd.org
Cc:  
Subject: Re: bin/86405: /usr/bin/more segmentation fault
Date: Sat, 15 Oct 2005 19:26:24 +0000

 On Thursday 13 October 2005 23:24, you wrote:
 > I think this might be a case of "don't do that".
 
 I will strongly disagree with "don't do that" fixes when we are talking about a
 segmentation fault in a program that is part of the base system.
 
 > It shouldn't be a security problem since if you can run less, you can
 > already execute arbitrary commands (try the ! command inside less).  less
 > does have a "secure" mode in which these things are disabled, and in that
 > case the -k option is disabled as well.
 
 I agree that it shouldn't be a security problem though.
 
 Best regards
 db
>Unformatted:
