[10335] in bugtraq


Re: Bash Bug

daemon@ATHENA.MIT.EDU (Ph. Rueegsegger)
Fri Apr 23 13:23:52 1999

Message-Id: <99Apr23.113324gmt+0100.13449-1@gateway.spectrospin.ch>
Date: 	Fri, 23 Apr 1999 11:25:58 +0100
Reply-To: "Ph. Rueegsegger" <philip.rueegsegger@BRUKER.CH>
From: "Ph. Rueegsegger" <philip.rueegsegger@BRUKER.CH>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <371e6fd4.13342@crystal.dragonfire.net>

Date sent:      	Thu, 22 Apr 1999 01:39:48 +0100
Send reply to:  	Andy Church <achurch@DRAGONFIRE.NET>
From:           	Andy Church <achurch@DRAGONFIRE.NET>
Subject:        	Re: Bash Bug
Originally to:  	shadow@OPERATOR.ORG
To:             	BUGTRAQ@netspace.org

Hello together

> >Figured while everyone was working with bash, I might as well make this
> >one public (I apologize if this is old news, apparently it hasn't been fixed
> >if so).
> >
> >If a user creates a directory with a command like
> >
> >mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "

Not bad !

> >
> >and someone cd's into said directory, either by accident, or whatever,
> >then it will cause it to actually execute.
>
>      Just to clarify, this only happens if PS1 (the bash prompt) contains
> \w or \W _and_ a prompt is displayed containing the bogus directory name.
> This means unattended shell scripts are safe.  As a workaround, use `pwd`
> in place of \w.

Sorry, with bash version 2.01.1 (supplied with SuSE5.3) it is just the
opposite of what you are clarifying. If one has \w or \W specified in
PS1 to show the path, it does NOT happen and if `pwd` is specified
instead of \w or \W it DOES happen.

>
>      Tested with bash 1.14 (it's the only one I have handy).
>
>   --Andy Church
>     achurch@dragonfire.net
>     http://achurch.dragonfire.net/

Kind regards
Phibus
-----------------------------------------------------------
                     Philip Rueegsegger
                      System Manager

Bruker AG                Direct dial   : +41-1-825 93 46
Industriestrasse 26      Telephone     : +41-1-825 91 11
CH-8117 Faellanden       Telefax       : +41-1-825 94 69
Switzerland              E-Mail        : philip.rueegsegger@bruker.ch
-----------------------------------------------------------
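
An audit check for the condition discussed in this thread, as an added example that is not part of the original posts: it lists directories whose names contain command-substitution syntax, and reports whether a given PS1 shows the working directory through \w/\W or through `pwd`, since the two posters report opposite results for those forms. The function names `scan_dirs` and `prompt_dir_source` are hypothetical, and the directory names and prompt strings in `demo` are constructed samples.

```shell
#!/bin/sh
# Added example, not code from the original posts.

# Print every directory under $1 whose name contains a backtick or "$(".
scan_dirs() {
    # find matches the -name globs itself; the names are never evaluated.
    find "${1:-.}" -type d \( -name '*`*' -o -name '*$(*' \) -exec sh -c '
        for d do
            # Show non-printable bytes as "?" so a name cannot disturb the report.
            printf "%s" "$d" | LC_ALL=C tr -c "[:print:]" "?"
            echo
        done' sh {} +
}

# Classify how a PS1 value shows the working directory. Prints one of:
# escape (uses \w or \W), pwd (uses a pwd command substitution), both, none.
prompt_dir_source() {
    esc=0 sub=0
    case $1 in *'\w'*|*'\W'*) esc=1 ;; esac
    case $1 in *'`pwd`'*|*'$(pwd)'*) sub=1 ;; esac
    case $esc$sub in
        11) echo both ;;
        10) echo escape ;;
        01) echo pwd ;;
        *)  echo none ;;
    esac
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed names; the substitutions are escaped and stay literal text.
    mkdir -- "$tmp/plain" "$tmp/a\`true\`b" "$tmp/c\$(true)d"
    scan_dirs "$tmp"
    # Constructed prompt strings, one per form mentioned in the thread.
    prompt_dir_source '\u@\h:\w\$ '
    prompt_dir_source '\u@\h:`pwd`\$ '
    rm -rf -- "$tmp"
}
demo
```

Run `scan_dirs` over world-writable or shared trees, and run `prompt_dir_source "$PS1"` in an interactive shell to see which form the prompt uses.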
