>Figured while everyone was working with bash, I might as well make this >one public(I apologize if this is old news, apparently it hasnt been fixed >if so). > >If a user creates a directory with a command like > >mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` " > >and someone cd's into said directory, either by accident, or whatever, >then it will cause it to actually execute. Just to clarify, this only happens if PS1 (the bash prompt) contains \w or \W _and_ a prompt is displayed containing the bogus directory name. This means unattended shell scripts are safe. As a workaround, use `pwd` in place of \w. Tested with bash 1.14 (it's the only one I have handy). --Andy Church achurchat_private http://achurch.dragonfire.net/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:29 PDT