Received: (at submit) by bugs.debian.org; 7 Aug 1999 21:23:10 +0000
Received: (qmail 23803 invoked from network); 7 Aug 1999 21:23:09 -0000
Received: from chardonnay.math.bme.hu (qmailr@152.66.83.144)
  by master.debian.org with SMTP; 7 Aug 1999 21:23:09 -0000
Received: (qmail 9958 invoked from network); 7 Aug 1999 21:23:04 -0000
Received: from line56.dial.bme.hu (qmailr@152.66.142.56)
  by chardonnay.math.bme.hu with SMTP; 7 Aug 1999 21:23:04 -0000
Received: (qmail 6543 invoked by uid 1000); 7 Aug 1999 21:17:46 -0000
Date: 7 Aug 1999 21:17:46 -0000
Message-ID: <19990807211746.6542.qmail@utopia>
From: korn@eik.bme.hu
Subject: joe: Potential security risk: control characters in filenames are printed without filtering.
To: submit@bugs.debian.org
X-Mailer: bug 3.2.2

Package: joe
Version: 2.8-12
Severity: normal

Hi,

if you create a file named ^G (ctrl-g) and open it in joe, you will hear a beep as the status line is updated; you will also hear it upon exit, when joe prints the message about not updating the file because it was not changed.

A malicious user could create a file whose name contains more harmful control characters and wait for another user to open that file in joe (perhaps inadvertently; e.g. by using the TAB completion of many shells, or from a graphical user interface).

I admit this is a long shot, but still: filenames should be filtered and control characters removed before the name of the file is printed.

This potentially affects many other packages as well. grep is also vulnerable; I will post a separate report for that package, but currently I don't have the time to check any others.

Best regards,

-- 
Andrew Korn (Korn Andras)
http://goliat.eik.bme.hu/~korn
Finger korn@goliat.eik.bme.hu for pgp key. Homepage is obsolete.
QOTD: A little bit of censorship is like being a little bit pregnant.

-- System Information
Debian Release: potato
Kernel Version: Linux utopia 2.2.10-ac12 #59 Fri Jul 23 17:23:40 CEST 1999 i586 unknown

Versions of the packages joe depends on:
ii  libc6        2.1.2-0pre1  GNU C Library: Shared libraries and timezone
ii  libncurses4  4.2-3.2      Shared libraries for terminal handling
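
The filtering the report asks for, sketched as an added example (not part of the original report and not joe's code): a routine that makes a filename safe to print on a status line by rendering control bytes visibly instead of sending them to the terminal. The function name sanitize_filename and the sample names are hypothetical, and the code assumes a single-byte locale such as ISO-8859-1; a UTF-8 aware version would decode code points first and filter U+0080 to U+009F.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: write a display-safe copy of `name` into `out`
 * (capacity `outsz`, NUL-terminated when outsz > 0). Returns the bytes
 * written, excluding the NUL. Truncation happens on a whole-token
 * boundary, so a partial escape is never emitted. */
size_t sanitize_filename(const char *name, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    const unsigned char *p;
    size_t n = 0;

    if (outsz == 0)
        return 0;
    for (p = (const unsigned char *)name; *p; p++) {
        char tok[4];
        size_t len;

        if (*p < 0x20) {                        /* C0 controls: BEL, ESC, CR */
            tok[0] = '^'; tok[1] = (char)(*p + 0x40); len = 2;
        } else if (*p == 0x7f) {                /* DEL */
            tok[0] = '^'; tok[1] = '?'; len = 2;
        } else if (*p >= 0x80 && *p <= 0x9f) {  /* C1 controls, e.g. 8-bit CSI */
            tok[0] = '\\'; tok[1] = 'x';
            tok[2] = hex[*p >> 4]; tok[3] = hex[*p & 0x0f]; len = 4;
        } else {                                /* printable: copy unchanged */
            tok[0] = (char)*p; len = 1;
        }
        if (n + len >= outsz)                   /* keep room for the NUL */
            break;
        memcpy(out + n, tok, len);
        n += len;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample names: BEL, an ESC sequence, an 8-bit CSI byte. */
    const char *samples[] = { "\a", "notes\033[2J.txt", "\x9b" "1mreport" };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        sanitize_filename(samples[i], buf, sizeof buf);
        printf("%s\n", buf);                    /* safe to show to the user */
    }
    return 0;
}
```

The same routine has to be applied on every path that echoes the name, including the status line and the exit message mentioned in the report.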