[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#62888: [bug] zless will not work when LESSSECURE is set

From: Marcus Müller
Subject: bug#62888: [bug] zless will not work when LESSSECURE is set
Date: Sun, 16 Apr 2023 15:19:12 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0

Dear Mailing List and esp. Maintainers,

as found out via investigation[1] triggered by the same bug in a different implementation of `zless`, gzip's `zless` has a bug:

When you (as is generally kind of not a bad idea to do) have exported LESSSECURE=1, `less` will refuse to work with programs passed through


as piped-through processes. Now, that's the central working principle of 
`zless` [2]:

|LESSOPEN="|$check_exit_status${use_input_pipe_on_stdin}gzip -cdfq -- %s"|

Thus, in environments with reasonable security settings, `less` will not run `gzip`, hence will tell the user that "input is a binary file" and try to display the compressed original file.

I'd blame `less` a tiny bit for not even informing the user about things being ignored, but then again, it's how its always worked.

So, to the unsuspecting user

export LESSSECURE=1 # often done in /etc/profile or similar place
echo "Hello World" > helloworld.txt
gzip helloworld.txt
zless helloworld.txt.gz

will result in

"helloworld.txt.gz" may be a binary file. See it anyway? y
helloworld.txt.gz (END)

Best regards,

[1] https://unix.stackexchange.com/questions/743049/issue-viewing-compressed-file-with-zless-but-not-with-zmore-or-gunzip-c#comment1412495_743050+
[2] https://git.savannah.gnu.org/cgit/gzip.git/tree/zless.in#n77

reply via email to

[Prev in Thread] Current Thread [Next in Thread]