bug-bash

Re: Severe Bash Bug with Arrays


From: Greg Wooledge
Subject: Re: Severe Bash Bug with Arrays
Date: Fri, 27 Apr 2012 08:27:33 -0400
User-agent: Mutt/1.4.2.3i

On Thu, Apr 26, 2012 at 08:47:39PM -0700, Linda Walsh wrote:
> Obviously, they were not complete beginners to bash -- to be reading
> arrays in from vars holding multi-line text?  I would assume they'd have
> the intelligence to know when to use * or @ and I wouldn't have to talk
> down to them and cover basics.

Oh, you would be amazed and astonished.  I've learned never to assume
a person possesses advanced knowledge, when it comes to programming
questions.

> > a=(lib tmp bin share)
> > (export IFS=,;eval "echo /usr/{${a[*]}}")
> /usr/lib /usr/tmp /usr/bin /usr/share
> 
> Anything else you wanna tell me NEVER/ALWAYS to do?

NEVER use eval plus a brace expansion to generate a list.  That's just
freakin' evil.  And unsafe:

imadev:~$ a=(lib tmp bin share '`date`')
imadev:~$ (export IFS=,;eval "echo /usr/{${a[*]}}")
/usr/lib /usr/tmp /usr/bin /usr/share /usr/Fri Apr 27 08:25:49 EDT 2012

(Replace `date` with whatever evil command you think is likely to be
put into the array by a malicious user.)


Alternative 1:
a=(lib tmp bin share)
echo "${a[@]/#//usr/}"

Alternative 2:
a=(lib tmp bin share)
printf "/usr/%s " "${a[@]}"
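
The following is an added example, not part of the original message: it runs the eval idiom and the two alternatives from the message over the same input, so the difference in how an element containing a command substitution is treated can be checked directly. It assumes bash; the function names and the `$(echo INJECTED)` element are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, sample input is constructed.

# Idiom from the thread: join the elements with commas, then let eval
# re-parse the result, so element text is parsed as shell code.
# (local IFS stands in for the thread's subshell + export IFS.)
prefix_eval() {
    local IFS=,
    eval "echo /usr/{$*}"
}

# Alternative 1: per-element substitution. '#' anchors the empty pattern at
# the start of each element, so "/usr/" is prepended and nothing is re-parsed.
prefix_expand() {
    local a=("$@")
    echo "${a[@]/#//usr/}"
}

# Alternative 2: printf repeats its format once per argument.
# The output ends with a trailing space and no newline.
prefix_printf() {
    printf '/usr/%s ' "$@"
}

# Constructed sample input: the last element carries a harmless command
# substitution, kept literal here by the single quotes.
sample=(lib tmp '$(echo INJECTED)')

for f in prefix_eval prefix_expand prefix_printf; do
    printf '%-14s -> %s\n' "$f" "$("$f" "${sample[@]}")"
done

# The eval form is also fragile with a one-element array:
# braces without a comma are not expanded at all.
printf '%-14s -> %s\n' "eval, 1 elem" "$(prefix_eval lib)"
```

Only `prefix_eval` turns the last element into `/usr/INJECTED`; the other two print the element text unchanged.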


