[Bug 1411318] Re: arbitrary code execution
Phillip Sz
1411318 at bugs.launchpad.net
Fri Jan 30 21:25:00 UTC 2015
"<kurahaupo> [22:16:18] phillip: anything on Woolledge's Wiki can be assumed to be known to Chet, yes
<kurahaupo> phillip: the loop reference problem is potentially fixable; the code-in-referents is not, at least not without breaking existing code somewhere, which is a no-no" I reported this here, so that someone maybe checks if this bug, can influence ubuntu's security.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1411318
Title:
arbitrary code execution
Status in bash package in Ubuntu:
Confirmed
Bug description:
"The problem with bash's name references
Bash 4.3 introduced declare -n ("name references") to mimic Korn
shell's nameref feature, which permits variables to hold references to
other variables (..). Unfortunately, the implementation used in Bash
has some issues.
{…} Bash's name reference implementation still allows arbitrary code
execution:
$ foo() { declare -n var=$1; echo "$var"; }
$ foo 'x[i=$(date)]'
bash: i=Thu Mar 27 16:34:09 EDT 2014: syntax error in expression (error token is "Mar 27 16:34:09 EDT 2014")
It's not an elegant example, but you can clearly see that the date
command was actually executed. This is not at all what one wants."
source: http://mywiki.wooledge.org/BashFAQ/048
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1411318/+subscriptions
More information about the foundations-bugs
mailing list