Home page logo

bugtraq logo Bugtraq mailing list archives

Re: BUG in /bin/bash
From: ebradley () andromeda rutgers edu (Eugene Bradley)
Date: Fri, 13 Sep 1996 15:40:57 -0400


on Sep 13, Roger Espel Llima <espel () clipper ens fr> writes:

#   That reminds me of a similar "little-known feature" on SunOS and
# Solaris, where /bin/sh interprets '^' as a synonym for '|' :
# $ sh -c 'echo blah ^ cat'
# blah

Interestingly, I tested for this same "feature" on an SCO OpenServer
5.0 box and got the same results!  Fortunately for me I got a cat:
command not found error upon testing on a FreeBSD 2.1.0-RELEASE box
I also use.

This surprised me as the ^ is now an obsolete synonym for the |
pipeline, and was recommended to be given a wide berth in shell
scripts, as ^ is incompatible with ksh. (from the sh man page on SCO
OpenServer 5.0)

#   Again this could be exploited to fool CGI scripts (and ircII
# scripts too) which execute shell commands with user-supplied data,
# after checking for things like ';', '|' and '&'.

For now I've added ^ to my list of shell command checks when people
want to write CGI scripts.

Hopefully they'll fix sh soon...

Version: 2.6.2


              Eugene Bradley | finger me for my PGP public key
                       webmaster of misery.winter.org
    PGP Fingerprint = 55 70 DE 84 FE E1 3D 50  7F C2 88 22 30 8C 81 9E
   <a href="http://www.armory.com/~ebradley";> Eugene's W^3 Duckpond </a>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]