[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: smbfs, mp3, and deb.pl/rpm.pl system() call
- From: knok@xxxxxxxxxxxxx (NOKUBI Takatsugu)
- Date: Mon, 25 Mar 2002 15:14:13 JST
- X-ml-name: namazu-devel-en
- X-mail-count: 00056
In article <3ZB9NJ0521ROOM42C775LK08HEA1XUT.3c9903e3@flocky>
>> I tried to index a smb mounted directory,
>> but mknmz failed to traverse any directory.
>> It stop indexing at the first directory level.
I had got such reports. It should be filesystem's issue. Hideyuki
SHIRAI was suggested to set the following line in mknmzrc.
$File::Find::dont_use_nlink = 1;
>> I use namazu 2.0.10 with my own made mp3 filter (see attached)
>> I used mp3 tools from Matthew Sachs
>> wich uses MP3::Info modules from CPAN
>> and want you to know about, and do whatever you want with
>> I can write little note if you want to include it in distribution....
That's great. I had thougt such filter, but I could't write it because
I have a little time.
However, ... the filter is not GPL license. To include distribution,
it must need GPL compliant license. Is the BEER License is GPL
compliant? Or just a joke?
>> You might also have a look at the sub backslah_shellchars in mp3.pl,
>> to include it in util.pl . Because there might be a bug in rpm.pl
>> wich affect the system() call ( filter/rpm.pl line 71 ) that may
>> be exploitable with a evily crafted filename, to execute arbitary code on system...
>> you might want to consider using backslah_shellchars on $cfile before sending it to
>> system() . It might also be exploitable on deb.pl
Oops, that's bad. I'll try to fix it. Thank you.
knok@xxxxxxxxxx / knok@xxxxxxxxxx