
Re: Is this exploitable?


From: Jon Seymour
Subject: Re: Is this exploitable?
Date: Mon, 11 May 2009 23:23:23 +1000

Yes, I realised that I should have at least used // after I posted,
not that that would have been sufficient. Thanks for the solution.

jon.

On Mon, May 11, 2009 at 10:20 PM, Greg Wooledge <wooledg@eeg.ccf.org> wrote:
> On Mon, May 11, 2009 at 10:35:18AM +1000, Jon Seymour wrote:
>> I am trying to parse untrusted strings and represent in a form that
>> would be safe to execute.
>
> printf "%q"
>
>> cmd="echo"
>> for a in "$@"
>> do
>>     cmd="$cmd '${a/\'/''}'"
>> done
>> echo "$cmd"
>> eval "$cmd"
>
> http://mywiki.wooledge.org/BashFAQ/050 - I'm trying to put a command in
> a variable, but the complex cases always fail!
>
> Your escaping is wrong in any event.  You don't escape an apostrophe
> by putting another apostrophe in front of it.  I.e., this is NOT valid
> bash syntax:
>
>  echo 'can''t'
>
> This is:
>
>  echo 'can'\''t'
>
> Also, your parameter expansion is only handling the FIRST apostrophe
> in each argument.  That's surely not enough.
>
> As I said earlier: printf "%q"
>
>> Is my code safe, or can someone maliciously choose arguments to
>> as-echo.sh that could cause it (as-echo.sh) to do something other than
>> write to stdout?
>
> imadev:~$ ./as-echo.sh ls "can't';date'"
>  'ls' 'can''t';date''
> cant not found
> Mon May 11 08:19:33 EDT 2009
>
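The escaping Greg describes (each apostrophe becomes `'\''`), carried through for every apostrophe in every argument rather than only the first, as an added example that is not code from the thread. In bash the one-line answer is `printf '%q '`; this is the equivalent in portable POSIX sh, with a round-trip check showing that the thread's sample argument stays data. The function names shquote, build_cmd and roundtrip_ok are my own.

```shell
#!/bin/sh
# Added example (not from the thread): POSIX-sh version of the fix Greg
# describes. Every embedded apostrophe becomes '\'' and the whole argument
# is wrapped in single quotes, so eval sees exactly one word per argument.

sq=\'   # one apostrophe, kept in a variable so patterns stay portable

# shquote STRING -> prints STRING as a single single-quoted shell word
shquote() {
    s=$1
    out=
    while :; do
        case $s in
            *"$sq"*)
                # text up to the first apostrophe, then the '\'' sequence
                out="$out${s%%"$sq"*}'\\''"
                s=${s#*"$sq"}
                ;;
            *)
                out="$out$s"
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
}

# build_cmd ARG... -> prints a command line that re-emits ARG..., one per
# line, each quoted by shquote (the thread's script used echo; printf is
# used here so arguments beginning with '-' survive as well)
build_cmd() {
    cmd="printf '%s\\n'"
    for a in "$@"; do
        cmd="$cmd $(shquote "$a")"
    done
    printf '%s\n' "$cmd"
}

# roundtrip_ok ARG... -> exit 0 if eval of the built command reproduces the
# arguments byte for byte, 1 otherwise: an argument such as "can't';date'"
# must come back as text and never run as a command
roundtrip_ok() {
    expected=$(printf '%s\n' "$@")
    actual=$(eval "$(build_cmd "$@")")
    [ "$expected" = "$actual" ]
}

build_cmd ls "can't';date'"
roundtrip_ok ls "can't';date'" '' 'a b' '$(date)' && echo 'round-trip OK'
```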