Description of problem: inotifywait does not accept NULL as field separator when using the --format option. This means that specially crafted, malicious filenames (for example, filename with newline char) can be used to hijack 3d party code relying on inotifywait. For example, think about a replication services that use inotifywait to know what events/files to replicate on a remote server. Using a malicious filename with an embedded newline and deleting it, the remote server will replicate a wrong (and potentially very dangerous) delete event. See here for more details: https://github.com/rvoicilas/inotify-tools/issues/20 Version-Release number of selected component (if applicable): all How reproducible: embed a newline in a monitored filename Steps to Reproduce: 1. create a file with a newline embedded in its name (eg: touch '/tmp/test this' 2. use inotifywait to monitor a directory (eg: inotifywait -m -r /tmp) 3. delete the file 4. the resulting inotify event will be split in two different row Actual results: the resulting inotify event will be split in two different row, exposing wrong events/filename to application reading from inotifywait (eg: using a pipe) Expected results: using a NULL char as field separator, inotifywait will be invulnerable to malicious filename (as NULL is an invalid char for filenames in about all filesystems) Additional info: https://github.com/rvoicilas/inotify-tools/issues/20
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version. Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above.
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version. Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version, you are encouraged to change the 'version' to a later version prior this bug is closed as described in the policy above.
EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of EPEL please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.