Red Hat Bugzilla – Bug 90252
htmlview tries to execute an empty string
Last modified: 2007-04-18 12:53:29 EDT
Description of problem:
In /usr/bin/htmlview there is the following code:
    GCONF=$(gconftool-2 -g /desktop/gnome/url-handlers/unknown/command \
        2>/dev/null | sed -e 's/%s//')
Looks innocent enough but gconftool-2 has quotes and the above results in
and later this is stuck on the front of X11BROWSERS. If 'mozilla' fails
for whatever reason then sticking "" in front of 'exec' in this line
    exists $i && exec $i $*
may do, or not do, $DEITY knows what. This can be a security issue.
Likely hard to exploit if you do not already have a "better" access
but surely can be used in "practical jokes".
This can be fixed either by doing
    sed -e 's/ .*//'
above or, possibly better in case some names would have blanks in it,
    [ "$1" ] || return 1
just at the beginning of function 'exists'.
Version-Release number of selected component (if applicable):
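
The two substitutions and the guard discussed in the description, as an added shell example that is not part of the original report and not code from htmlview. It assumes a constructed handler value `mozilla "%s"` (the report does not show the real gconftool-2 output); `count_words`, `word_at` and `exists_guarded` are hypothetical helpers.

```shell
#!/bin/sh
# Added illustration; not code from /usr/bin/htmlview.
# ASSUMPTION: constructed stand-in for the gconftool-2 output (a handler with
# a quoted placeholder). The report does not show the real value.
SAMPLE_HANDLER='mozilla "%s"'

# Substitution quoted in the report: drops %s but leaves the quotes behind.
strip_original() { printf '%s\n' "$1" | sed -e 's/%s//'; }

# First fix from the report: keep only the text before the first blank.
strip_proposed() { printf '%s\n' "$1" | sed -e 's/ .*//'; }

# Number of words an unquoted expansion produces (hypothetical helper),
# i.e. how many candidates a loop over $X11BROWSERS would see from this value.
count_words() {
    set -f        # split only, no globbing
    set -- $1     # deliberately unquoted
    set +f
    echo "$#"
}

# Print word N of the same split; fails if there is no such word.
word_at() {
    _n=$1
    set -f; set -- $2; set +f
    [ "$_n" -le "$#" ] || return 1
    shift $((_n - 1))
    printf '%s\n' "$1"
}

# Second fix from the report: refuse an empty name before anything else.
# The lookup below is a hypothetical body; the report does not show 'exists'.
exists_guarded() {
    [ "$1" ] || return 1
    command -v "$1" >/dev/null 2>&1
}

before=$(strip_original "$SAMPLE_HANDLER")
after=$(strip_proposed "$SAMPLE_HANDLER")
printf 'original sed: [%s] -> %s words\n' "$before" "$(count_words "$before")"
printf 'proposed sed: [%s] -> %s words\n' "$after" "$(count_words "$after")"
```

Under this assumed value the leftover word is the literal two-character string `""`, which passes a non-empty test, so the guard covers the case where the candidate expands to nothing.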