Aucbvax.5396
net.2bsd-bugs
utzoo!decvax!ucbvax!dist2
Sun Dec  6 02:58:31 1981
FIXED:  bug in src/more/more.c
       There is a bug in "more" which raises its ugly head when the input
       to more is a pipe, and a shell escape is performed.  The piped input
       becomes piped to the shell escape causing all sorts of mysterious
       results, at least when the shell escape reads standard input.
       This problem commonly appears reading netnews.  The fix is simple --
       if stdin is not from a tty, it must be closed before exec'ing the
       shell escape.

I know of some sites which take advantage of this bug to allow free logins
to use more without worrying about the security problems inherent with being
able to fork subshells.  Nevertheless, it is a bug and exists in 4.1BSD as
well.  The suggested fix works as well as anything:

       diff src/more/more.c.old src/more/more.c
       1077a1078,1081
       >               if (no_intty)   {
       >                       close(0);
       >                       dup(2);
       >               }

This change is necessary on tapes written before 12/5/81.

                       Carl

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.

You are viewing proxied material from gopher.quux.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.