Bug 90252
| Summary: | htmlview tries to execute an empty string | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Michal Jaegermann <michal> |
| Component: | htmlview | Assignee: | Christopher Aillon <caillon> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 9 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-04-25 07:33:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: In /usr/bin/htmlview there is the following code: GCONF=$(gconftool-2 -g /desktop/gnome/url-handlers/unknown/command \ 2>/dev/null | sed -e 's/%s//') Looks innocent enough but gconftool-2 has quotes and the above results in mozilla "" and later this is stuck on the front on X11BROWSERS. If 'mozilla' fails for whatever reasons then sticking "" in front of 'exec' in this line exists $i && exec $i $* may do, or do not, $DEITY knows what. This can be a security issue. Likely hard to exploit if you do not have already a "better" access but surely can be used in "practical jokes". This can be fixed either by doing sed -e 's/ .*//' above or, possibly better in case some names would have blanks in it, by putting [ "$1" ] || return 1 just at the beginning of function 'exists'. Version-Release number of selected component (if applicable): htmlview-2.0.0-10