bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [t2] Re: Where are the version controlled Bash sources?


From: George
Subject: Re: [t2] Re: Where are the version controlled Bash sources?
Date: Tue, 04 Jan 2005 00:35:45 +0100

Hi all.

On Mon, 2005-01-03 at 23:39, Rene Rebe wrote:
> Hi,
> 
> Chet Ramey wrote:
>  > > Could you spent some words what change is your official fix for the bug, 
> also mentioned here:
>  > >
>  > > http://lists.gnu.org/archive/html/bug-bash/2004-11/msg00366.html
>  > >
>  > > I spent some time debugging it already and need this annoying bug to be 
> fixed ... :-(
>  > >
> > Why is it that annoying?
> 
> - security issue (might be possible to exploit)
> 
> - no input should crash the shell - imagine a simple mistyped
>    statement
> 
> but most importantly:
> 
> - for some projects I do rely on beeing able to dump the current
>    state (declare -p IIRC) and source it for later execution - of
>    course this core dumps now in many cases!
> 
> > BASH_SOURCE, BASH_LINENO, and FUNCNAME are not
> > intended to be modified by the user.  What requires you to do so?

If they are not intended to be modified, than it will not hurt setting
the attributes accordingly, or?

> Mostly the state saving as listed above.
> 
> >> A verbose explanation would be welcome - a real patch even more. Many 
> >> thanks!
> > 
> > 
> > Two parts:  make sure the variables aren't created with the `invisible'
> > attribute set, and make sure the `non-unsettable' flag is set for
> > BASH_ARGC, BASH_ARGV, BASH_SOURCE, and BASH_LINENO. The `no-assignment' 
> > flag should already be set.
> 
> Well ok. Can't you just send the patch? e.g. maybe even publish it as 
> bash30-017?
> 
> Thanks in advance,

We have created a patch which is available at
http://svn.exactcode.de/t2/trunk/package/shells/bash/segfault-on-assign-dynamic.patch

Maybe you can comment on it.

Cheers, George





reply via email to

[Prev in Thread] Current Thread [Next in Thread]