Vulnerability Development mailing list archives

man -K input validation


From: "Rasta C. Shell" <rasta () RSHELL ORG>
Date: Tue, 20 Feb 2001 16:53:40 +0200

I don't know if this will be of any interest, since I don't think
it can give you man uid/gid, but while looking at the man source code to
see what's seg-faulting the -K <longbuff> (didn't find anything, maybe
it's the grep that faults?) I noticed that the -K <input> line is not
being validated before calling system, so a: man -K "';`/usr/bin/id`"
will run /usr/bin/id by man for you. Luckily there's a setuid/gid call before
system.


--
http://www.rshell.org
Join #shellcode on EFnet.
rasta () rshell org
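
A shell-free way to run such a search, as an added example that is not part of the original post and not taken from the man source: the key goes to grep as a single argv element through execvp, so the quote, semicolon and backticks in the post's string stay literal text. The names `search_noshell` and `write_sample`, the use of grep's -F/-q/-e options, and the sample file contents are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Shape of the bug the post describes (assumed, not man's actual source):
 *   snprintf(cmd, sizeof cmd, "grep '%s' %s", key, path); system(cmd);
 * Here the key is one argv element instead, so /bin/sh never parses it.
 * Returns grep's status: 0 match, 1 no match, 2 error; -1 on fork failure. */
int search_noshell(const char *key, const char *path)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* -F fixed string, -q quiet, -e protects keys starting with '-' */
        char *const argv[] = { "grep", "-F", "-q", "-e", (char *)key,
                               "--", (char *)path, NULL };
        execvp("grep", argv);
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Writes constructed sample text to a fresh temp file (tmpl is rewritten). */
int write_sample(char *tmpl, const char *text)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

int main(void)
{
    char path[] = "/tmp/manK_sampleXXXXXX";
    if (write_sample(path, "literal: ';`/usr/bin/id`\n") != 0)
        return 1;
    printf("status: %d\n", search_noshell("';`/usr/bin/id`", path));
    unlink(path);
    return 0;
}
```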

