bug-bash

Re: I've found a vulnerability in bash


From: Kerin Millar
Subject: Re: I've found a vulnerability in bash
Date: Fri, 19 Nov 2021 12:12:39 +0000
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.3.1

On 19/11/2021 10:53, Marshall Whittaker wrote:
> You could argue that bash should parse filenames globbed from * that start
> with - and exclude them specifically, so I'll have to respectfully
> disagree.

One could, but it would not make for a compelling argument. Define GLOBIGNORE, if you insist.

> Also, it is not the programs doing the parsing of *, that is a
> function of bash.  Try typing * in just your terminal/command line and see
> what happens

Yes. However, the presented 'exploit' hinges upon the behaviour of a selected external program. Luckily for you, any that uses getopt(3) will support -- as a means of concluding option recognition, rm(1) included. In the case that you are using a program where option arguments cannot be reliably separated from non-option arguments, specifying the glob as ./* will commonly suffice.

> A short whitepaper on it has been made public at:
> https://oxagast.org/posts/bash-wildcard-expansion-arbitrary-command-line-arguments-0day/
> complete with a mini Po

It's perplexing that your post relies upon the use of -- to get the point across, without acknowledging its import. At any rate, this does not constitute a vulnerability on the part of bash, much less a zero-day.

--
Kerin Millar
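
The three remedies named in this message (`--`, `./*` and GLOBIGNORE) compared with a bare `*`, as an added example that is not part of the original post. The `parse` function is a hypothetical stand-in for a getopt(3)-style program that only reports what it saw, and the file names are constructed sample data in a scratch directory.

```bash
#!/usr/bin/env bash
# GLOBIGNORE is bash-specific: re-run under bash if another sh started us.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"
LC_ALL=C; export LC_ALL   # fixed collation, so "-rf" sorts first in the glob result

# Hypothetical stand-in for a program that parses options getopt(3)-style.
# It accepts -f and -r, reports what it saw, and removes nothing.
parse() (
    OPTIND=1; seen=
    while getopts ':fr' opt "$@"; do
        case $opt in
            f|r) seen="$seen$opt" ;;
            *)   seen="$seen?" ;;
        esac
    done
    shift $((OPTIND - 1))
    echo "options=[$seen] operands=$#"
)

# Constructed sample data: a scratch directory with one name starting with "-".
make_demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/-rf"; : > "$d/a.txt"; : > "$d/b.txt"
    echo "$d"
}

# Expand the glob inside directory $1 using the form named by $2.
run_case() (
    cd "$1" || exit 1
    case $2 in
        bare)       parse * ;;                    # -rf is taken as options
        dashdash)   parse -- * ;;                 # -- ends option recognition
        dotslash)   parse ./* ;;                  # ./-rf cannot look like an option
        globignore) GLOBIGNORE='-*'; parse * ;;   # -rf is dropped from the expansion
    esac
)

demo=$(make_demo_dir) || exit 1
for c in bare dashdash dotslash globignore; do
    printf '%-10s %s\n' "$c" "$(run_case "$demo" "$c")"
done
rm -rf -- "$demo"
```

With GLOBIGNORE the file named `-rf` is left out of the expansion altogether, so the program never receives it as an operand either; `--` and `./*` still pass all three names through.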



