NEW: sysutils/vifm

Re: NEW: sysutils/vifm

Dmitrij D. Czarkoff-2
Stuart Henderson said:
> On 2016/02/02 21:58, Landry Breuil wrote:
> > Oh, and the code in src/int/file_magic.c even has a fallback to use file
> > %s -b --mime-type called via popen()..
>
> It would be nice to kill the other options and use file(1) from base
> as the only detection method, it is *loads* safer.

Well, the actual code is:

| snprintf(command, sizeof(command), "file \"%s\" -b --mime-type", filename);

Note double quotes.  Of course no quoting is performed on filename.
Thus:

1. If filename contains double quote, vifm segfaults.
2. If filename is nasty, nasty things happen.  Eg. I renamed a png image
   to "$(echo text)", and vifm opened it in vi.  I guess filename
   "`doas rm -Rf $HOME/*`" will also pleasantly surprise user.

--
Dmitrij D. Czarkoff
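
Added example, not part of the original post and not vifm's or the port's code: one way to get the MIME type from file(1) without popen(), so the file name is never parsed by /bin/sh. The names run_capture and mime_type_noshell are hypothetical, and the sample name in main() is the constructed one from the message above.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* Run argv[0] directly (no /bin/sh) and capture the first line of its
 * stdout.  Returns the exit status, or -1 on failure. */
int run_capture(char *const argv[], char *out, size_t outlen)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (outlen == 0 || pipe(fds) == -1)
        return -1;
    if ((pid = fork()) == 0) {          /* child: stdout -> pipe */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) != -1)
            execvp(argv[0], argv);      /* argv[] entries stay single arguments */
        _exit(127);
    }
    close(fds[1]);
    while (pid != -1 && used < outlen - 1 &&
        (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    close(fds[0]);
    out[used] = '\0';
    out[strcspn(out, "\n")] = '\0';     /* keep the first line only */
    if (pid == -1 || waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Hypothetical replacement for the popen() fallback: "--" ends option
 * parsing so a name starting with '-' is not read as a flag. */
int mime_type_noshell(const char *filename, char *out, size_t outlen)
{
    char *const argv[] = { "file", "-b", "--mime-type", "--",
        (char *)filename, NULL };
    return run_capture(argv, out, outlen);
}

int main(void)
{
    char mime[128];
    int rc = mime_type_noshell("$(echo text)", mime, sizeof(mime));
    printf("exit=%d output=%s\n", rc, mime);
}
```

Because no shell is involved, double quotes, backticks and $( ) in the name reach file(1) as ordinary bytes of a single argument.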

Re: NEW: sysutils/vifm

Stuart Henderson-6
On 2016/02/03 00:25, Dmitrij D. Czarkoff wrote:

> Stuart Henderson said:
> > On 2016/02/02 21:58, Landry Breuil wrote:
> > > Oh, and the code in src/int/file_magic.c even has a fallback to use file
> > > %s -b --mime-type called via popen()..
> >
> > It would be nice to kill the other options and use file(1) from base
> > as the only detection method, it is *loads* safer.
>
> Well, the actual code is:
>
> | snprintf(command, sizeof(command), "file \"%s\" -b --mime-type", filename);
>
> Note double quotes.  Of course no quoting is performed on filename.
> Thus:
>
> 1. If filename contains double quote, vifm segfaults.
> 2. If filename is nasty, nasty things happen.  Eg. I renamed a png image
>    to "$(echo text)", and vifm opened it in vi.  I guess filename
>    "`doas rm -Rf $HOME/*`" will also pleasantly surprise user.

Ugh. I have seen CVEs assigned for smaller problems than that!

Re: NEW: sysutils/vifm

Dmitrij D. Czarkoff-2
Stuart Henderson said:

> On 2016/02/03 00:25, Dmitrij D. Czarkoff wrote:
> > Stuart Henderson said:
> > > On 2016/02/02 21:58, Landry Breuil wrote:
> > > > Oh, and the code in src/int/file_magic.c even has a fallback to use file
> > > > %s -b --mime-type called via popen()..
> > >
> > > It would be nice to kill the other options and use file(1) from base
> > > as the only detection method, it is *loads* safer.
> >
> > Well, the actual code is:
> >
> > | snprintf(command, sizeof(command), "file \"%s\" -b --mime-type", filename);
> >
> > Note double quotes.  Of course no quoting is performed on filename.
> > Thus:
> >
> > 1. If filename contains double quote, vifm segfaults.
> > 2. If filename is nasty, nasty things happen.  Eg. I renamed a png image
> >    to "$(echo text)", and vifm opened it in vi.  I guess filename
> >    "`doas rm -Rf $HOME/*`" will also pleasantly surprise user.
>
> Ugh. I have seen CVEs assigned for smaller problems than that!

I've added a naive patch to openbsd-wip version of this port.  Vifm
still opens renamed png in vi, but at least does not execute commands.

--
Dmitrij D. Czarkoff

Re: NEW: sysutils/vifm

Dmitrij D. Czarkoff-2
In reply to this post by Landry Breuil-6
Landry Breuil said:
> Tried with just the file backend enabled, it's "less" rich than the
> gtk/libmagic combination but works for pdf/jpg/txt/mp3. No match for tgz,
> proposes fuse-archivemount for .tar.gz, proposes text editor for
> gpx/gsb... for the latter, the correct mimetype was found and the best
> handler was proposed. I guess that's what you get for using file from
> base which is ... basic.

I somehow overlooked the fact that vifm only uses X11 to set window
title.  I bet people may live without this feature.  (I thought it uses
X11 for clipboard.)  Provided that basic things work with file(1)
backend, FLAVORs indeed don't seem a good idea.

Attached tarball contains a non-FLAVORed port for vifm with all optional
features disabled.  Brief testing demonstrates that it is buggy (prints
artifacts in file info dialog for some file names, provides different
set of handlers for the files with same mime type, seldom picks
different handlers for the same file).  I believe that my patch makes
file(1) usage in this port at least safer than it was.

FLAVORed version is still available in openbsd-wip repo.

I am not really interested in vifm, so I leave this port here as it is.

--
Dmitrij D. Czarkoff

vifm-0.8.1.tgz (2K) Download Attachment
Re: NEW: sysutils/vifm

Landry Breuil-6
In reply to this post by Dmitrij D. Czarkoff-2
On Wed, Feb 03, 2016 at 12:42:34AM +0100, Dmitrij D. Czarkoff wrote:

> Stuart Henderson said:
> > On 2016/02/03 00:25, Dmitrij D. Czarkoff wrote:
> > > Stuart Henderson said:
> > > > On 2016/02/02 21:58, Landry Breuil wrote:
> > > > > Oh, and the code in src/int/file_magic.c even has a fallback to use file
> > > > > %s -b --mime-type called via popen()..
> > > >
> > > > It would be nice to kill the other options and use file(1) from base
> > > > as the only detection method, it is *loads* safer.
> > >
> > > Well, the actual code is:
> > >
> > > | snprintf(command, sizeof(command), "file \"%s\" -b --mime-type", filename);
> > >
> > > Note double quotes.  Of course no quoting is performed on filename.
> > > Thus:
> > >
> > > 1. If filename contains double quote, vifm segfaults.
> > > 2. If filename is nasty, nasty things happen.  Eg. I renamed a png image
> > >    to "$(echo text)", and vifm opened it in vi.  I guess filename
> > >    "`doas rm -Rf $HOME/*`" will also pleasantly surprise user.
> >
> > Ugh. I have seen CVEs assigned for smaller problems than that!
>
> I've added a naive patch to openbsd-wip version of this port.  Vifm
> still opens renamed png in vi, but at least does not execute commands.

better report it directly upstream then ? :)

Landry

Re: NEW: sysutils/vifm

Dmitrij D. Czarkoff-2
Landry Breuil said:

> On Wed, Feb 03, 2016 at 12:42:34AM +0100, Dmitrij D. Czarkoff wrote:
> > Stuart Henderson said:
> > > On 2016/02/03 00:25, Dmitrij D. Czarkoff wrote:
> > > > Stuart Henderson said:
> > > > > On 2016/02/02 21:58, Landry Breuil wrote:
> > > > > > Oh, and the code in src/int/file_magic.c even has a fallback to use file
> > > > > > %s -b --mime-type called via popen()..
> > > > >
> > > > > It would be nice to kill the other options and use file(1) from base
> > > > > as the only detection method, it is *loads* safer.
> > > >
> > > > Well, the actual code is:
> > > >
> > > > | snprintf(command, sizeof(command), "file \"%s\" -b --mime-type", filename);
> > > >
> > > > Note double quotes.  Of course no quoting is performed on filename.
> > > > Thus:
> > > >
> > > > 1. If filename contains double quote, vifm segfaults.
> > > > 2. If filename is nasty, nasty things happen.  Eg. I renamed a png image
> > > >    to "$(echo text)", and vifm opened it in vi.  I guess filename
> > > >    "`doas rm -Rf $HOME/*`" will also pleasantly surprise user.
> > >
> > > Ugh. I have seen CVEs assigned for smaller problems than that!
> >
> > I've added a naive patch to openbsd-wip version of this port.  Vifm
> > still opens renamed png in vi, but at least does not execute commands.
>
> better report it directly upstream then ? :)

I'd leave this honor to maintainer.

--
Dmitrij D. Czarkoff
