bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug Reporting


From: Charles Daffern
Subject: Re: Bug Reporting
Date: Tue, 09 Jun 2015 10:14:49 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0

On 09/06/15 09:27, Pierre Gaston wrote:
> Well it tries to execute the file and show the lines where it gets an
> error, it's a useful behavior when you try to write a script.
>
> If you have read access to these files and can run bash, you can print
> them anyway eg:
>
> bash -c 'echo  "$(</etc/passwd)" '
>
> so it's hardly a security issue.
>
I'd say it's not one at all. Any security issue here would not be bash's
fault.
If bash can read the file, then so can any other program on the system.
There are exceptions: if you set bash as suid/sgid which you shouldn't
do, or if you have a poor MAC configuration in your OS (e.g. poorly
configured SELinux/GRSecurity).

The reason it shows as an error is because in the example given (bash -i
/etc/passwd), bash is being instructed to treat /etc/passwd as a bash
script. It's not a bash script, so bash complains about it.

You could as easily get the contents of /etc/passwd using 'cat'.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]