Re: FVWM: Security hole in FvwmM4 (?) and Manpage patch for FvwmM4 from Brandon Browning on 1996-12-04 (fvwm-users)

From: Brandon Browning <brandon_at_nwnet.net>
Date: Wed, 04 Dec 1996 08:33:39 -0800

> Also, I noticed that m4 is invoked as "m4". Could this be a
> security hole? Should the whole path be used by default, say
> /usr/bin/m4? Of course this breaks things if /usr/bin/m4 doesn't
> exist (like Solaris). However, there's always -m4prog to get the
> right one.

Instead of breaking it (or forcing the user to remember to use
-m4prog), how 'bout making it a compile time option, configurable
from Fvwm.tmpl? This is a no-brainer and is easy to implement.
Included are my diffs.

I haven't tested it per se, but it compiled and had the correct path
when I glanced at the binary.

-- 
Brandon M. Browning
Systems Engineer / Mailing List Maintainer
http://www.nwnet.net/
--8<------------------------------8<-----------------------------8<---
--- Fvwm.tmpl.orig	Wed Dec  4 08:21:59 1996
+++ Fvwm.tmpl	Wed Dec  4 08:19:14 1996
_at_@ -193,6 +193,13 @@
 
 
 /***************************************************************************
+ * Where M4 is located for FvwmM4.  Leave undefined if you don't have M4 or
+ * the M4 is in /usr/bin/m4
+ ***************************************************************************/
+/* #define M4Binary /usr/local/bin/m4 */
+
+
+/***************************************************************************
  * End of configuration items.  You shouldn't need to edit below here...
  ***************************************************************************/
 
_at_@ -284,6 +291,12 @@
         FVWMDIR = FvwmDir
 #else
         FVWMDIR = $(LIBDIR)/FvwmName
+#endif
+
+#ifdef M4Binary
+	M4 = M4Binary
+#else
+	M4 = /usr/bin/m4
 #endif
 
 #ifndef FvwmIconPath
--- modules/FvwmM4/Imakefile.orig	Wed Dec  4 08:21:06 1996
+++ modules/FvwmM4/Imakefile	Wed Dec  4 08:19:41 1996
_at_@ -12,6 +12,6 @@
 
 FvwmModuleTarget(FvwmM4)
 
-PATH_DEFINES = -DFVWMDIR=\"$(FVWMDIR)\"
+PATH_DEFINES = -DFVWMDIR=\"$(FVWMDIR)\" -DM4=\"$(M4)\"
 
 SpecialObjectRule(FvwmM4.o, $(FVWM_SRCDIR)/Fvwm.tmpl FvwmM4.c, $(PATH_DEFINES))
--- modules/FvwmM4/FvwmM4.c.orig	Wed Dec  4 08:11:36 1996
+++ modules/FvwmM4/FvwmM4.c	Wed Dec  4 08:12:08 1996
_at_@ -63,7 +63,7 @@
 int  m4_enable;                 /* use m4? */
 int  m4_prefix;                 /* Do GNU m4 prefixing (-P) */
 char m4_options[BUFSIZ];        /* Command line options to m4 */
-char *m4_prog = "m4";           /* Name of the m4 program */
+char *m4_prog = M4;             /* Name of the m4 program */
 int  m4_default_quotes;         /* Use default m4 quotes */
 char *m4_startquote = "`";         /* Left quote characters for m4 */
 char *m4_endquote = "'";           /* Right quote characters for m4 */      
--
Visit the official FVWM web page at <URL:http://www.hpc.uh.edu/fvwm/>.
To unsubscribe from the list, send "unsubscribe fvwm" in the body of a
message to majordomo_at_hpc.uh.edu.
To report problems, send mail to fvwm-owner_at_hpc.uh.edu.

Received on Wed Dec 04 1996 - 10:35:40 GMT

This archive was generated by hypermail 2.3.0 : Mon Aug 29 2016 - 19:37:59 BST