help-bash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is *splitting every word* is a shell security hole?

From: alex xmb sw ratchev
Subject: Re: Why is *splitting every word* is a shell security hole?
Date: Wed, 21 Aug 2024 20:57:46 +0200 
On Wed, Aug 21, 2024, 5:15 PM Chet Ramey <chet.ramey@case.edu> wrote:

> On 8/19/24 7:41 AM, shynur . wrote:
> > Hi, friends,
> >
> > I'm reading the paper by Chet Ramey.
> > Here: <https://tiswww.case.edu/php/chet/bash/rose94.pdf>.
> >
> > In section 4.2.5:
> >> Bash and ksh split only the results of expansion,
> >> rather than every word as sh does, closing a
> >> long-standing shell security hole.
> >
> > Why is *splitting every word* is a shell security hole?
>
> Consider setting IFS to something that's not the default and using it to
> split words (not expansions) that a user might reasonably expect to remain
> unchanged.
>
> Then you write a shell function or script (or other executable) whose name
> is something like
>
> `ec'
>
> setting IFS="${IFS}h"
>

IFS+=h

nm , thxx

and you get to run it the next time the user uses `echo'.
>
> This is obviously contrived, but the principle should be obvious.
>
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>                  ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/
>
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]