on Linux, 'less' can probably get you owned

Posted by Michal Zalewski on Nov 23

Many Linux distributions ship with the ‘less’ command automagically
interfaced to ‘lesspipe’-type scripts, usually invoked via LESSOPEN.
This is certainly the case for CentOS and Ubuntu.

Unfortunately, many of these scripts appear to call a rather large
number of third-party tools that likely have not been designed with
malicious inputs in mind. On CentOS, lesspipe appears to include
things such as groff + troff + grotty,…

Leave a Reply