It was pointed out[0] that ctags(1) uses some potentially dangerous
system(3) calls where user-supplied data is used with no sanity
checking. Since ctags(1) is not setuid and is not likely to be used
in a privileged situation, this is not a big deal. However, the
fix is relatively easy and less ugly than the current code, let's be
safe. (I'm sure there are about 2^134 other system(3) calls like this
out there.)
[0] On freebsd-security by Roman Bogorodskiy <bogorodskiy@inbox.ru>
with subject "ctags(1) command execution vulnerability."
projects / FreeBSD / FreeBSD.git / commit