Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bash Bug

From: chet () NIKE INS CWRU EDU (Chet Ramey)
Date: Thu, 22 Apr 1999 15:44:35 -0400


On Tue, 20 Apr 1999, Shadow wrote:


mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "


Bash 1.x screws up during PS1 substitution (\w, \W). Bash 2.x does not
seem to be vulnerable. Anyway, there's a hope even for those who want to
stick to 1.x: replace \w with $PWD, \W with ${PWD##*/} (no guarantee).


This is correct; the bug was fixed in bash-2.0, which was released in
December, 1996.  If you're still running 1.14.x, or earlier versions,
you should upgrade to bash-2.03.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet)

Chet Ramey, Case Western Reserve University     Internet: chet () po CWRU Edu
Previous By Date Next
Previous By Thread Next

Current thread: