[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The IFS variable - a confusing issue.
From: |
Chet Ramey |
Subject: |
Re: The IFS variable - a confusing issue. |
Date: |
Mon, 11 Oct 2004 15:28:13 -0400 |
> 4. I am still using bash 2.05 but I see in the bash 3.0 Reference Manual
> that "word splitting" is now done differently, thus closing a
> "longstanding security hole". Where could I find more info concerning
> this, in particular regarding whether it affects bash 2.05 and what
> exactly was this vulnerability?
You need to look at the entire sentence. It reads:
* The `IFS' variable is used to split only the results of expansion,
not all words (*note Word Splitting::). This closes a
longstanding shell security hole.
Consider what would happen if IFS were imported from the environment and
used to split all words. You could, for instance, set IFS to include `h',
wait for a script to run `echo', and provide your own command `ec'. Get
the right person to do that, perhaps by writing a shell script front end
to another shell script and putting it into a directory in someone's $PATH
(which might include `.'), and you could have access to things you shouldn't.
Bash versions since very early on use IFS to split only the results of
expansions, as POSIX specifies.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet )
Live...Laugh...Love
Chet Ramey, ITS, CWRU chet@po.cwru.edu http://tiswww.tis.cwru.edu/~chet/
Message not available