Namazu-devel-en(old)


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

smbfs, mp3, and deb.pl/rpm.pl system() call



Hi all,
First thanks for the great software you did with namazu.
I just had little trouble that I want to report you.

I tried to index a smb mounted directory,
but mknmz failed to traverse any directory.
It stop indexing at the first directory level.
The file server is samba 2.2.3a on FreeBSD4.5,
the client is smbmount 2.2.3a on Linux slackware8.
Everything works fine on local dirs, and on NFS mounted dirs.
This might be a problem in sub add_target() in mknmz...
I'll dug it later if needed (?)

I use namazu 2.0.10 with my own made mp3 filter (see attached)
I used mp3 tools from Matthew Sachs
http://www.zevils.com/linux/mp3tools/
wich uses MP3::Info modules from CPAN
http://sf.net/projects/mp3-info/
and want you to know about, and do whatever you want with
I can write little note if you want to include it in distribution....

You might also have a look at the sub backslah_shellchars in mp3.pl,
to include it in util.pl . Because there might be a bug in rpm.pl
wich affect the system() call ( filter/rpm.pl line 71 ) that may
be exploitable with a evily crafted filename, to execute arbitary code on system...
you might want to consider using backslah_shellchars on $cfile before sending it to
system() . It might also be exploitable on deb.pl

that's all folks !!!
thanks again for the great work
Luc


Attachment: mp3.pl
Description: Binary data