[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-readline] INPUTRC issues

From: Grisha Levit
Subject: [Bug-readline] INPUTRC issues
Date: Tue, 24 May 2016 01:51:47 -0400

This issue seems fairly minor, but RHEL (and maybe others) allow INPUTRC through sudo by default so perhaps this warrants some attention.

Something silly like:

echo '$include /tmp/X' > /tmp/X
INPUTRC=/tmp/X sudo bash -c 'read -e'

Will segfault:

Program terminated with signal 11, Segmentation fault.
#0  0x00007f275ac948d7 in __GI___libc_malloc (address@hidden) at malloc.c:2895
2895      victim = _int_malloc(ar_ptr, bytes);
(gdb) bt
#0  0x00007f275ac948d7 in __GI___libc_malloc (address@hidden) at malloc.c:2895
#1  0x0000000000474e40 in xmalloc (address@hidden) at xmalloc.c:112
#2  0x00000000004bc6c3 in tilde_expand (address@hidden "/tmp/X") at ./tilde.c:202

(at slightly different places, depending on other directives in the file).

Since there is already current_readline_init_include_level, maybe implementing a max level for $include’s would be worthwhile.

The devel version of readline also has a lot more _rl_init_file_error calls that include portions of the parsed file, which would allow leaking portions of arbitrary file content. That’s probably more of a concern for sudo package maintainers though.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]