bug-coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Doc] wrong usage example for dircolors


From: Stephane Chazelas
Subject: [Doc] wrong usage example for dircolors
Date: Tue, 14 Dec 2004 17:30:52 +0000
User-agent: Mutt/1.5.6i

That "typical usage example" in the info page for dircolors:

     eval `dircolors [OPTION]... [FILE]`

(see
http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/coreutils/coreutils/doc/coreutils.texi?rev=1.233
@example
eval `dircolors address@hidden@dots{} address@hidden
@end example)

is not correct and can be exploited in various ways if someone
has such line in his ~/.shellrc.

It should be:

eval "`dircolors [OPTION... [FILE]`"

Otherwise, it is subject to word splitting and filename
generation so that one can have any user run any arbitrary code
by simply creating files with the proper name.

For instance, if dircolors -b outputs:

LS_COLORS='no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=0
1;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*
.tgz=01;31:';
export LS_COLORS

and one does:

touch "LS_COLORS='no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;\
35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:Z.tar=\
01;31:'; rm -rf \$HOME; : '.tgz=01;31:';"

then

eval `dircolors -b`

deletes the home of everyone who is running it in the directory
containing that file.

I've been told some Linux distributions have this kind of line
in the system /etc/bash.bashrc

-- 
Stéphane





reply via email to

[Prev in Thread] Current Thread [Next in Thread]