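# Copyright (C) 2018 Free Software Foundation, Inc.
#
# Copying and distribution of this file, with or without modification,
# in any medium, are permitted without royalty provided the copyright
# notice and this notice are preserved.

# Load the shared test helpers. $srcdir is quoted so that a source tree
# whose path contains whitespace or glob characters is not word-split.
. "$srcdir/test-lib.sh"

# require, use_local_patch, use_tmpdir and check come from test-lib.sh
# (not shown in this file).
require cat
use_local_patch
use_tmpdir

# ==============================================================
# Regression test for arbitrary command execution through an ed-style
# script, as found in the patch file published for CVE-2018-0492.
# GNU patch bug report can be found at http://savannah.gnu.org/bugs/index.php?53566

# Fixture: an ed script placed behind unified-diff-looking ---/+++ headers.
# The line starting with '!' is the dangerous part: ed treats '!' as a shell
# escape, so handing this script to ed unchecked would run it as a command.
# The delimiter is quoted ('EOF') so the payload stays literal and the test
# shell itself never expands anything in it, now or after later edits.
# NOTE(review): the payload's redirect target is under the invoking user's
# home directory, not the test's working directory, and the checks below
# compare only output and exit status; nothing here looks for that file
# or removes it if a regressed build were to execute the payload.
cat > beep.patch <<'EOF'
--- /dev/null 2018-13-37 13:37:37.000000000 +0100
+++ b/beep.c 2018-13-37 13:38:38.000000000 +0100
1337a
1,112d
!id>~/pwn.lol;beep # 13-21 12:53:21.000000000 +0100
.
EOF

# Case 1: the patch is read from stdin with no format option. The expected
# transcript is the confirmation prompt (default answer shown as [n]), the
# script being skipped, and exit status 1.
check 'patch < beep.patch; echo "Status: $?"' <<EOF
Apply potentially dangerous ed script? This could allow arbitrary command execution! [n]
Skipping potentially dangerous ed script.
Status: 1
EOF

# Case 2: -e tells patch to interpret its input as an ed script. The expected
# transcript is the same prompt followed by a fatal refusal and exit status 2.
# This here-document is deliberately unquoted: $PATCH must be expanded to
# match the program name printed in the diagnostic (presumably set up by
# test-lib.sh / use_local_patch; confirm there).
# NOTE(review): no patch file is named on this command line, so what patch
# reads depends on how check wires up stdin; confirm in test-lib.sh.
check 'patch -e; echo "Status: $?"' <<EOF
Apply potentially dangerous ed script? This could allow arbitrary command execution! [n] $PATCH: **** Refusing to apply potentially dangerous ed script.

Status: 2
EOF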