[10326] in bugtraq
Re: Bash Bug
daemon@ATHENA.MIT.EDU (Chet Ramey)
Thu Apr 22 23:25:40 1999
Date: Thu, 22 Apr 1999 15:44:35 -0400
Reply-To: chet@po.CWRU.Edu
From: Chet Ramey <chet@NIKE.INS.CWRU.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Message from peak@ARGO.TROJA.MFF.CUNI.CZ of Thu, 22 Apr 1999
11:16:06 +0200 (id <19990422111046.25EC.0@argo.troja.mff.cuni.cz>)
> On Tue, 20 Apr 1999, Shadow wrote:
>
> > mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "
>
> Bash 1.x screws up during PS1 substitution (\w, \W). Bash 2.x does not
> seem to be vulnerable. Anyway, there's a hope even for those who want to
> stick to 1.x: replace \w with $PWD, \W with ${PWD##*/} (no guarantee).
This is correct; the bug was fixed in bash-2.0, which was released in
December, 1996. If you're still running 1.14.x, or earlier versions,
you should upgrade to bash-2.03.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet)
Chet Ramey, Case Western Reserve University Internet: chet@po.CWRU.Edu
