Re: Bash Bug

From: Chet Ramey (chetat_private)
Date: Thu Apr 22 1999 - 12:44:35 PDT

Next message: hYP0[13/\\r: "cold fusion scanner"

Previous message: Daniel Jacobowitz: "Re: Bash Bug"
Maybe in reply to: Shadow: "Bash Bug"
Next in thread: Ph. Rueegsegger: "Re: Bash Bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Tue, 20 Apr 1999, Shadow wrote:
>
> > mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` "
>
> Bash 1.x screws up during PS1 substitution (\w, \W). Bash 2.x does not
> seem to be vulnerable. Anyway, there's a hope even for those who want to
> stick to 1.x: replace \w with $PWD, \W with ${PWD##*/} (no guarantee).

This is correct; the bug was fixed in bash-2.0, which was released in
December, 1996.  If you're still running 1.14.x, or earlier versions,
you should upgrade to bash-2.03.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet)

Chet Ramey, Case Western Reserve University	Internet: chetat_private

Next message: hYP0[13/\\r: "cold fusion scanner"
Previous message: Daniel Jacobowitz: "Re: Bash Bug"
Maybe in reply to: Shadow: "Bash Bug"
Next in thread: Ph. Rueegsegger: "Re: Bash Bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:33 PDT