[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: currently doable? Indirect notation used w/a hash

From: Greg Wooledge
Subject: Re: currently doable? Indirect notation used w/a hash
Date: Mon, 10 Jun 2013 10:33:11 -0400
User-agent: Mutt/

On Mon, Jun 10, 2013 at 10:23:10AM -0400, Chris F.A. Johnson wrote:
> On Mon, 10 Jun 2013, Chris Down wrote:
> >Enjoy your arbitrary command execution.
>    Can you give me an example, using the code I posted, where that would 
>    happen?

> >On 10 Jun 2013 14:15, "Chris F.A. Johnson" <address@hidden> wrote:
> >>eval "array=( \"address@hidden" )"

imadev:~$ foobar() { set -x; eval "array=( \"address@hidden" )"; }
imadev:~$ foobar 'a}"); date; b=("${q'
+ foobar 'a}"); date; b=("${q'
+ set -x
+ eval 'array=( "${a}"); date; b=("address@hidden" )'
++ array=("${a}")
++ date
Mon Jun 10 10:31:41 EDT 2013
++ b=("address@hidden")

A really clever attack wouldn't leave those extra variables lying around,
either.  I stopped at "working" and didn't spend the extra time for

reply via email to

[Prev in Thread] Current Thread [Next in Thread]