Bug#515670: update-grub uses grep insecurely
Markus Koller
markus-koller at gmx.ch
Mon Feb 16 20:11:58 UTC 2009
Package: grub
Version: 0.97-47lenny2
Hello
The following code snippet in /usr/sbin/update-grub (starting in line 141)
fails when GREP_OPTIONS is set to '-i' (ignore case):
raiddev=$(mdadm -D $1 | grep -A1 "Number" | grep "dev" \
| sed "s/^.*\(\/dev\/.*\)$/\1/")
The reason being that the first line also includes the string 'dev' inside
'RaidDevice':
Number Major Minor RaidDevice State
0 8 1 0 active sync /dev/sda1
1 8 17 1 active sync /dev/sdb1
I guess you could use 'tail -n 1' or a more specific regex.
Thanks and cheers on the Lenny release,
Markus
More information about the Pkg-grub-devel
mailing list