Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: BUG in /bin/bash
From: ebradley () andromeda rutgers edu (Eugene Bradley)
Date: Fri, 13 Sep 1996 15:40:57 -0400


-----BEGIN PGP SIGNED MESSAGE-----

on Sep 13, Roger Espel Llima <espel () clipper ens fr> writes:

#   That reminds me of a similar "little-known feature" on SunOS and
# Solaris, where /bin/sh interprets '^' as a synonym for '|' :
#
# $ sh -c 'echo blah ^ cat'
# blah

Interestingly, I tested for this same "feature" on an SCO OpenServer
5.0 box and got the same results!  Fortunately for me I got a cat:
command not found error upon testing on a FreeBSD 2.1.0-RELEASE box
I also use.

This surprised me as the ^ is now an obsolete synonym for the |
pipeline, and was recommended to be given a wide berth in shell
scripts, as ^ is incompatible with ksh. (from the sh man page on SCO
OpenServer 5.0)

#   Again this could be exploited to fool CGI scripts (and ircII
# scripts too) which execute shell commands with user-supplied data,
# after checking for things like ';', '|' and '&'.

For now I've added ^ to my list of shell command checks when people
want to write CGI scripts.

Hopefully they'll fix sh soon...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjm4vhskmjHS+zH1AQHL+QQAm5ugIhNSOH0+A9GRlaDejU9b4qEw+/ZH
8lj0Wriet5JF89TZquzJdjBbs5Jiyn/h9IW8D6DO4VymWLZQcD5rZTTIMtMhzk1k
XHSwLMHYnQL/NXYcOqMnq6N9swrg6LuX4pXJOBOW+oXwc/fJ3sCnK8Snu5uOV9Px
9REjvRTsQRY=
=Ja9K
-----END PGP SIGNATURE-----

--
              Eugene Bradley | finger me for my PGP public key
                       webmaster of misery.winter.org
    PGP Fingerprint = 55 70 DE 84 FE E1 3D 50  7F C2 88 22 30 8C 81 9E
   <a href="http://www.armory.com/~ebradley";> Eugene's W^3 Duckpond </a>



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault