Re: simple prob made into a security tragedy...oh well.... ;^/

From: Greg Wooledge
Subject: Re: simple prob made into a security tragedy...oh well.... ;^/
Date: Thu, 1 Jul 2021 07:35:56 -0400

On Thu, Jul 01, 2021 at 02:12:10AM -0700, L A Walsh wrote:
> What are you talking about?
>      njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; }
> I don't see any arrays, let alone indexed.

The arrays were in the calls.  We demonstrated a few cases already.
Since you clearly weren't paying attention, here they are again.

First, the classic code injection:

unicorn:~$ njobs 'x[0$(date>&2)]'
Thu Jul  1 07:12:35 EDT 2021

Second, a user who wants to (legitimately) use an existing array, with
a space in the key:

unicorn:~$ declare -A jobs
unicorn:~$ njobs 'jobs[first time]'
bash: printf: `jobs[first': not a valid identifier

Third, a user who wants to (legitimately) use an existing array, where
the indexed reference is accidentally treated as a glob:

unicorn:~$ touch jobsx
unicorn:~$ njobs 'jobs[sixth]'
unicorn:~$ declare -p jobs jobsx
declare -A jobs
declare -- jobsx="0

Fourth, a user who accidentally or maliciously passes additional printf

unicorn:~$ njobs 'foo -v bar'
unicorn:~$ declare -p foo bar
bash: declare: foo: not found
declare -- bar="0

Quoting "$1" in your code would stop three of these four examples from
doing the wrong thing.  It makes no difference in the first case.

Looking at the Subject: header reminds me of:

  43. A "quick" or "simple" question will be neither.

What you perceive as a "simple prob" (and for the love of glob, can you at
least spell out "problem" correctly?!) is absolutely NOT simple.  It's the
tip of an exploding carcinogenic iceberg full of frozen soul-eating
demons.  Everyone knows about this iceberg.  There are buoys all around
it warning sailors to stay away.  All the navigational maps have marked
this territory as too dangerous.

Despite this, you've decided it would be a great idea to have a little
picnic on top of it.

And people don't understand why we're so cranky.
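
Added example, not part of the original message: one way to handle all four cases above is to accept only a plain identifier as the output variable and to quote it when passing it to printf -v. The names njobs_safe and valid_name are hypothetical; the rejected inputs in the demo are the ones shown in the message.

```bash
#!/usr/bin/env bash
# Added example (hypothetical names): validate the output-variable name
# before it reaches printf -v, instead of trusting the caller's string.

# valid_name NAME: succeed only for a plain shell identifier. Rejecting
# '[' means array subscripts are never evaluated, at the cost of not
# supporting array elements as targets.
valid_name() {
    local LC_ALL=C                      # keep the [a-z] ranges ASCII-only
    [[ $1 =~ ^[a-zA-Z_][a-zA-Z0-9_]*$ ]]
}

# njobs_safe [NAME]: count jobs; store the count in NAME, or print it.
# Caveat: NAME must not be _n, which is this function's own local.
njobs_safe() {
    local _n
    _n=$(jobs | wc -l)
    _n=${_n//[[:space:]]/}              # some wc implementations pad output
    if (( $# == 0 )); then
        printf '%s\n' "$_n"
        return 0
    fi
    if ! valid_name "$1"; then
        printf 'njobs_safe: %q: not a valid variable name\n' "$1" >&2
        return 2
    fi
    printf -v "$1" '%s' "$_n"           # quoted: no word splitting or globbing
}

# Demo: one accepted name, then three of the arguments from the message.
for arg in count 'x[0$(date>&2)]' 'jobs[first time]' 'foo -v bar'; do
    njobs_safe "$arg" && printf 'stored in %s\n' "$arg" \
        || printf 'rejected\n'
done
```
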
