[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential Bash Script Vulnerability
From: |
Oğuz |
Subject: |
Re: Potential Bash Script Vulnerability |
Date: |
Tue, 9 Apr 2024 06:32:04 +0300 |
On Tue, Apr 9, 2024 at 5:17 AM Robert Elz <kre@munnari.oz.au> wrote:
> Sure, it is possible to make a useless program like this ...
> Almost all real commands use stdio to read stdin. Playing about
> any more with this absurd example isn't worth the bother. The relevant
> text should simply be deleted from POSIX. It is bizarre and unnecessary.
Using stdio to read stdin doesn't stop you from detecting if it is
connected to a file and adjusting the file offset before exit. In
fact, POSIX mandates that for standard utilities in XCU 1.4 Utility
Defaults, INPUT FILES section:
When a standard utility reads a seekable input file and terminates
without an error before it reaches end-of-file, the utility shall
ensure that the file offset in the open file description is properly
positioned just past the last byte processed by the utility. For files
that are not seekable, the state of the file offset in the open file
description for that file is unspecified. A conforming application
shall not assume that the following three commands are equivalent:
tail -n +2 file
(sed -n 1q; cat) < file
cat file | (sed -n 1q; cat)
The second command is equivalent to the first only when the file is
seekable. The third command leaves the file offset in the open file
description in an unspecified state. Other utilities, such as head,
read, and sh, have similar properties.
If the shell doesn't cooperate with other utilities in this, this can happen:
$ cat tst.sh
echo hi
sed -n 1q
# Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla gravida odio
# ultrices, consectetur libero eu, malesuada augue. Proin commodo faucibus ipsum
# et viverra. In dictum, risus eu hendrerit rutrum, lorem diam cursus sapien,
# nec mollis urna nunc non enim. Etiam at porttitor neque. Quisque elementum
# orci in nisi egestas, sit amet pretium est tincidunt. Pellentesque eleifend
# nec tellus eu lobortis. Praesent pharetra sed neque eleifend interdum.
#
# Aenean eget tincidunt sem. Etiam ac ultricies leo. Nunc tortor ante, finibus
# in ullamcorper id, mattis sit amet ipsum. Etiam ac diam sem. Aenean a purus
# ex. Proin tincidunt erat odio, ut suscipit purus commodo nec. Curabitur eget
# ante non mi sagittis congue ac non massa. Cras tincidunt bibendum erat, ut
# gravida arcu congue eu. Phasellus ex quam, blandit at interdum at, cursus eu
# nisi. Nullam interdum faucibus massa at luctus. Nullam eu sapien ut mauris
# eleifend pharetra sit amet quis ante. Nullam porttitor enim eros, e
if false; then
rm uh-oh
fi
$
$ busybox sh <tst.sh
hi
rm: cannot remove 'uh-oh': No such file or directory
sh: syntax error: unexpected "fi"
$
You'd need more filler for other shells, but I believe you get the point.
- Re: Potential Bash Script Vulnerability, (continued)
- Re: Potential Bash Script Vulnerability, Robert Elz, 2024/04/08
- Re: Potential Bash Script Vulnerability, Greg Wooledge, 2024/04/08
- Re: Potential Bash Script Vulnerability, admin, 2024/04/08
- Re: Potential Bash Script Vulnerability, Greg Wooledge, 2024/04/08
- Re: Potential Bash Script Vulnerability, Andreas Schwab, 2024/04/08
- Re: Potential Bash Script Vulnerability, admin, 2024/04/08
- Message not available
- Re: Potential Bash Script Vulnerability, Oğuz, 2024/04/08
- Message not available
- Re: Potential Bash Script Vulnerability, Robert Elz, 2024/04/08
- Re: Potential Bash Script Vulnerability, Oğuz, 2024/04/08
- Re: Potential Bash Script Vulnerability, Robert Elz, 2024/04/08
- Re: Potential Bash Script Vulnerability,
Oğuz <=
Re: Potential Bash Script Vulnerability, Martin D Kealey, 2024/04/08
Re: Potential Bash Script Vulnerability, Chet Ramey, 2024/04/08