Re: Severe Bash Bug with Arrays
From: Greg Wooledge
Subject: Re: Severe Bash Bug with Arrays
Date: Fri, 27 Apr 2012 08:27:33 -0400
User-agent: Mutt/1.4.2.3i
On Thu, Apr 26, 2012 at 08:47:39PM -0700, Linda Walsh wrote:
> Obviously, they were not complete beginners to bash -- to be reading
> arrays in from vars holding multi-line text? I would assume they'd have the
> intelligence to know when to use * or @ and I wouldn't have to talk down to them
> and cover basics.
Oh, you would be amazed and astonished. I've learned never to assume
a person possesses advanced knowledge, when it comes to programming
questions.
> > a=(lib tmp bin share)
> > (export IFS=,;eval "echo /usr/{${a[*]}}")
> /usr/lib /usr/tmp /usr/bin /usr/share
>
> Anything else you wanna tell me NEVER/ALWAYS to do?
NEVER use eval plus a brace expansion to generate a list. That's just
freakin' evil. And unsafe:
imadev:~$ a=(lib tmp bin share '`date`')
imadev:~$ (export IFS=,;eval "echo /usr/{${a[*]}}")
/usr/lib /usr/tmp /usr/bin /usr/share /usr/Fri Apr 27 08:25:49 EDT 2012
(Replace `date` with whatever evil command you think is likely to be
put into the array by a malicious user.)
Alternative 1:
a=(lib tmp bin share)
echo "${a[@]/#//usr/}"
Alternative 2:
a=(lib tmp bin share)
printf "/usr/%s " "${a[@]}"
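
Added example, not part of the original message: the eval/brace-expansion pattern from the thread next to Alternative 1, run on a constructed array whose elements contain a space, a comma, a glob character and a backquoted command. The function names prefix_unsafe and prefix_safe and the sample values are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original message. Function names are hypothetical.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"   # arrays need bash, not plain sh

# Pattern from the thread: the elements are pasted into a string that eval
# re-parses as shell code, so any expansion syntax inside an element runs.
prefix_unsafe() {
    local prefix=$1; shift
    local IFS=,
    eval "echo $prefix/{$*}"
}

# Alternative 1 from the message, wrapped in a function: the prefix is added by
# parameter expansion, and the elements are never parsed as code.
prefix_safe() {
    local prefix=$1; shift
    local items=("$@")
    (( ${#items[@]} )) || return 0          # nothing to print for an empty list
    printf '%s\n' "${items[@]/#/$prefix/}"  # one output line per array element
}

# Constructed sample input: ordinary names plus elements that break the eval form.
sample=(lib 'my dir' 'a,b' '*' '`echo EXECUTED`')

echo "safe:";   prefix_safe /usr "${sample[@]}"
echo "unsafe:"; prefix_unsafe /usr lib tmp '`echo EXECUTED`'
```

The safe form prints the backquoted element literally and keeps 'my dir' and 'a,b' as single entries; the eval form runs the backquoted command and splices its output into the path.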