Re: The IFS variable - a confusing issue.

[Chet Ramey]

> 4. I am still using bash 2.05 but I see in the bash 3.0 Reference Manual 
> that "word splitting" is now done differently, thus closing a 
> "longstanding security hole". Where could I find more info concerning 
> this, in particular regarding whether it affects bash 2.05 and what 
> exactly was this vulnerability?         

You need to look at the entire sentence.  It reads:

  * The `IFS' variable is used to split only the results of expansion,
     not all words (*note Word Splitting::).  This closes a
     longstanding shell security hole.

Consider what would happen if IFS were imported from the environment and
used to split all words.  You could, for instance, set IFS to include `h',
wait for a script to run `echo', and provide your own command `ec'.  Get
the right person to do that, perhaps by writing a shell script front end
to another shell script and putting it into a directory in someone's $PATH
(which might include `.'), and you could have access to things you shouldn't.

Bash versions since very early on use IFS to split only the results of
expansions, as POSIX specifies.

Chet


-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet )
                                                Live...Laugh...Love
Chet Ramey, ITS, CWRU    chet@po.cwru.edu    http://tiswww.tis.cwru.edu/~chet/