Bug 90252 - htmlview tries to execute an empty string
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: htmlview
Version: 9
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Christopher Aillon
Reported: 2003-05-05 19:27 EDT by Michal Jaegermann
Modified: 2007-04-18 12:53 EDT
Doc Type: Bug Fix
Last Closed: 2005-04-25 03:33:17 EDT
Description Michal Jaegermann 2003-05-05 19:27:51 EDT
Description of problem:

In /usr/bin/htmlview there is the following code:

	GCONF=$(gconftool-2 -g /desktop/gnome/url-handlers/unknown/command \
		2>/dev/null | sed -e 's/%s//')

Looks innocent enough but gconftool-2 has quotes and the above results in

mozilla ""

and later this is stuck on the front of X11BROWSERS.  If 'mozilla' fails
for whatever reasons then sticking "" in front of 'exec' in this line

                exists $i && exec $i $*

may do, or not do, $DEITY knows what.  This can be a security issue.
Likely hard to exploit if you do not have already a "better" access
but surely can be used in "practical jokes".

This can be fixed either by doing

         sed -e 's/ .*//'

above or, possibly better in case some names have blanks in them,
by putting

                 [ "$1" ] || return 1

just at the beginning of function 'exists'.

Version-Release number of selected component (if applicable):
htmlview-2.0.0-10
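
An added example (not part of the original report or of htmlview itself) showing which words the browser loop receives from a quoted handler value under the original substitution and under the first proposed one. The sample handler string and the body of 'exists' are assumptions.

```shell
#!/bin/sh
# Constructed sample: a handler value of the shape the report describes
# (quoted %s placeholder). It is not read from a real GConf database.
SAMPLE_HANDLER='mozilla "%s"'

# Words the browser loop iterates over after the original substitution.
# Unquoted expansion splits on whitespace but does not re-parse quote
# characters, so whatever sed leaves behind becomes a word of its own.
words_original() {
	cmd=$(printf '%s\n' "$1" | sed -e 's/%s//')
	for w in $cmd; do printf '[%s]\n' "$w"; done
}

# Same loop, with the substitution proposed in the report:
# keep only the first word of the handler command.
words_first_fix() {
	cmd=$(printf '%s\n' "$1" | sed -e 's/ .*//')
	for w in $cmd; do printf '[%s]\n' "$w"; done
}

# Hypothetical stand-in for htmlview's 'exists' (the lookup line is an
# assumption), with the guard proposed in the report as its first line.
exists() {
	[ "$1" ] || return 1
	command -v "$1" >/dev/null 2>&1
}

echo "original substitution:"
words_original "$SAMPLE_HANDLER"
echo "first proposed substitution:"
words_first_fix "$SAMPLE_HANDLER"
```

The leftover word is the two quote characters themselves, which is non-empty, so it passes the guard and is rejected only by the lookup.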
