bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential Bash Script Vulnerability


From: Oğuz
Subject: Re: Potential Bash Script Vulnerability
Date: Mon, 8 Apr 2024 19:35:02 +0300

On Mon, Apr 8, 2024 at 5:32 PM Robert Elz <kre@munnari.oz.au> wrote:
> The effect is that sharing stdin between the shell script, and other
> commands (than read), is almost certainly never going to work,

Why not? It works fine with other shells


$ cat tst.sh
cat <<EOF >tst.c
#include <sys/types.h>
#include <unistd.h>
int main(void) {
        lseek(0, 5, SEEK_CUR);
}
EOF
cc tst.c
./a.out
exit
echo WORKS
$
$ for sh in bash bash-3.2.57 'busybox sh' dash gwsh ksh mksh oksh osh
pdksh yash zsh; do echo $sh; $sh <tst.sh; done
bash
WORKS
bash-3.2.57
WORKS
busybox sh
dash
gwsh
WORKS
ksh
WORKS
mksh
WORKS
oksh
WORKS
osh
pdksh
WORKS
yash
WORKS
zsh
$



reply via email to

[Prev in Thread] Current Thread [Next in Thread]