stunnel v4 splits command line arguments, v3 does not
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| stunnel4 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: stunnel4
The program /usr/bin/stunnel behaves differently when installed from stunnel4 compared to stunnel. When executing
stunnel -c -f -A "${_send_
with "stunnel" package, this will create a file "aaa bbb" in the current working directory
Same call with "stunnel4" package gives error message, because string "touch \"aaa bbb\"" is splitted and so bash -c just takes touch without argument, and "aaa" and "bbb" are first/second argument to bash process, not touch.
touch: missing file operand
Try `touch --help' for more information.
This is rather annoying, because that makes it impossible to use the same calls to /usr/bin/stunnel depending on platform and installed packages.
| Roman Fiedler (roman-fiedler-deactivatedaccount) wrote | #1 |
The handling of all other command line arguments has changed also, e.g.
mv server.cert $'server.
stunnel -c -f -D 4 -v 3 -A 'server.cert
someoption = yyy' -r "${_send_
file descriptor line 6: Specified option name is not valid here
Since I hope that no one will execute stunnel with certificate file supplied by lower privileged user or remote system, this cannot be used in any malicious way.