[3349] in bugtraq
Re: BUG in /bin/bash
daemon@ATHENA.MIT.EDU (Eugene Bradley)
Fri Sep 13 19:05:02 1996
Date: Fri, 13 Sep 1996 15:40:57 -0400
Reply-To: Eugene Bradley <ebradley@andromeda.rutgers.edu>
From: Eugene Bradley <ebradley@andromeda.rutgers.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: Roger Espel Llima <espel@clipper.ens.fr> writes:
-----BEGIN PGP SIGNED MESSAGE-----
on Sep 13, Roger Espel Llima <espel@clipper.ens.fr> writes:
# That reminds me of a similar "little-known feature" on SunOS and
# Solaris, where /bin/sh interprets '^' as a synonym for '|' :
#
# $ sh -c 'echo blah ^ cat'
# blah
Interestingly, I tested for this same "feature" on an SCO OpenServer
5.0 box and got the same results! Fortunately for me I got a cat:
command not found error upon testing on a FreeBSD 2.1.0-RELEASE box
I also use.
This surprised me as the ^ is now an obsolete synonym for the |
pipeline, and was recommended to be given a wide berth in shell
scripts, as ^ is incompatible with ksh. (from the sh man page on SCO
OpenServer 5.0)
# Again this could be exploited to fool CGI scripts (and ircII
# scripts too) which execute shell commands with user-supplied data,
# after checking for things like ';', '|' and '&'.
For now I've added ^ to my list of shell command checks when people
want to write CGI scripts.
Hopefully they'll fix sh soon...
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMjm4vhskmjHS+zH1AQHL+QQAm5ugIhNSOH0+A9GRlaDejU9b4qEw+/ZH
8lj0Wriet5JF89TZquzJdjBbs5Jiyn/h9IW8D6DO4VymWLZQcD5rZTTIMtMhzk1k
XHSwLMHYnQL/NXYcOqMnq6N9swrg6LuX4pXJOBOW+oXwc/fJ3sCnK8Snu5uOV9Px
9REjvRTsQRY=
=Ja9K
-----END PGP SIGNATURE-----
--
Eugene Bradley | finger me for my PGP public key
webmaster of misery.winter.org
PGP Fingerprint = 55 70 DE 84 FE E1 3D 50 7F C2 88 22 30 8C 81 9E
<a href="http://www.armory.com/~ebradley"> Eugene's W^3 Duckpond </a>
