oss-sec mailing list archives
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not?
From: Eitan Adler <lists () eitanadler com>
Date: Thu, 13 Dec 2012 00:54:12 -0500
On 12 December 2012 11:51, Jan Lieskovsky <jlieskov () redhat com> wrote:
The questions: 1) should Geany escape the filenames?,
Up to the maintainers.
2) is this a security issue or not?
Unlikely. Is there a way a malicious document could cause code execution without user action? -- Eitan Adler
Current thread:
- Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky (Dec 12)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Frank Lanitz (Dec 12)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Eitan Adler (Dec 12)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Simon McVittie (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Colomban Wendling (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Matthew Brush (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)