[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: read -e allows execution of commands (edit-and-execute-command) as t
|
From: |
Eduardo Bustamante |
|
Subject: |
Re: read -e allows execution of commands (edit-and-execute-command) as the shell's process user |
|
Date: |
Mon, 8 May 2017 23:41:51 -0500 |
On Mon, May 8, 2017 at 3:09 PM, Chet Ramey <chet.ramey@case.edu> wrote:
> There's no compelling reason to disallow it. If a system administrator
> wants to unbind certain readline commands (and unset INPUTRC!) to protect
> against a specific use case, he is free to do that.
I agree. I changed my mind after sending that email. I still think it
would be prudent to mention this in the docs somewhere. Perhaps a
section on "security notes" in the manual/reference? or a mention in
the FAQ?
Similar to sudo's manual page:
- http://manpages.ubuntu.com/manpages/xenial/man8/sudo.8.html#contenttoc5
- http://manpages.ubuntu.com/manpages/xenial/man8/sudo.8.html#contenttoc12
I couldn't find any decent reference online that mentions a few of the
"traps" that bash has in regards to secure programming (e.g. "don't
evaluate user supplied input in arithmetical contexts without
sanitizing!", "be careful with SHELLOPTS/xtrace/PS4!", "don't use read
-e unless you trust the user supplying the info or know how to plug
the holes", "don't evaluate user supplied regular expressions!")
And... I just realized this was discussed before here:
https://lists.gnu.org/archive/html/bug-bash/2015-12/msg00098.html
IMO, just having it documented somewhere is good enough.