[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 30 Mar 2024 21:50:19 +0100
From: Fay Stegerman <flx@...usk.net>
To: oss-security@...ts.openwall.com
Cc: Jonathan Schleifer <js@....im>
Subject: Re: Re: backdoor in upstream xz/liblzma leading to
ssh server compromise
* "Rein Fernhout (Levitating)" <me@...itati.ng> [2024-03-30 18:07]:
[...]
> You can just use 'sed r\n filename' and it should work. I think it just reads the file and appends a newline.
I don't know if this is relevant, but 'sed r\n filename' does not *in general*
"append a newline". It appends the file named after the 'r' (in this case a
file named 'n' -- assuming the backslash is interpreted by the shell and thus
doesn't really do anything) after each line of the file 'filename'; unless the
file 'n' doesn't exist, in which case it's equivalent to 'cat', except that it
will indeed happen to append a newline *but only if the original file doesn't
end with one*.
Thus it will behave quite differently depending on whether a file named 'n'
exists or not.
$ printf 'foo\nbar\n' > n
$ printf '1\n2\n3' > somefile
$ sed r\n somefile
1
foo
bar
2
foo
bar
3
foo
bar
$ sed rdoes-not-exist somefile
1
2
3
$ printf '\x00\n\x00' > somefile
$ xxd somefile
00000000: 000a 00
$ sed rdoes-not-exist somefile | xxd
00000000: 000a 000a
$ printf '\x00\n\x00\n' > somefile
$ sed rdoes-not-exist somefile | xxd
00000000: 000a 000a
- Fay
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
