Re: I've found a vulnerability in bash

[Kerin Millar]

On Fri, 19 Nov 2021 10:05:39 -0500
Marshall Whittaker <marshallwhittaker@gmail.com> wrote:

> Fair. I'm not saying anyone has to change it, but I will call out what I
> think is a design flaw.  But this is going to turn into some philosophical
> discussion as to whether it should have been done this way from the start.
> That I don't know, and hold no responsibility for, as I'm not a bash dev,
> I'm an exploit dev.  Maybe an asshole too.

You appear to be missing the implication; it has nothing in particular to do 
with bash. Consider the following Perl program. At no point is a shell involved.

@args = glob('*');
system('rm', '-f', @args); # bad

So, would it be Perl's fault that the programmer failed to demarcate the 
non-option arguments to rm(1)? Did I just publish a zero-day? No. Absolutely 
not.

system('rm', '-f', '--', @args); # better

Granted, one would normally use the native unlink function but that's besides 
the point.

-- 
Kerin Millar