[Bug 1411318] Re: arbitrary code execution
Marc Deslauriers
marc.deslauriers at canonical.com
Fri Jan 30 20:40:16 UTC 2015
Have you reported this issue to the upstream bash developers?
** Changed in: bash (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1411318
Title:
arbitrary code execution
Status in bash package in Ubuntu:
Confirmed
Bug description:
"The problem with bash's name references

Bash 4.3 introduced declare -n ("name references") to mimic Korn
shell's nameref feature, which permits variables to hold references to
other variables (see FAQ 006 to see these in action). Unfortunately,
the implementation used in Bash has some issues.

{…} Bash's name reference implementation still allows arbitrary code
execution:

    $ foo() { declare -n var=$1; echo "$var"; }
    $ foo 'x[i=$(date)]'
    bash: i=Thu Mar 27 16:34:09 EDT 2014: syntax error in expression (error token is "Mar 27 16:34:09 EDT 2014")

It's not an elegant example, but you can clearly see that the date
command was actually executed. This is not at all what one wants."

source: http://mywiki.wooledge.org/BashFAQ/048
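
One way to guard a function like the foo() in the report, as an added example that is not part of the original bug report or of bash itself: accept the argument only if it is a bare identifier, so no subscript ever reaches declare -n. The names is_valid_name, foo_safe and _foo_ref and the sample inputs are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the bug report): validate a caller-supplied
# variable name before binding a nameref to it.
# is_valid_name, foo_safe and _foo_ref are hypothetical names.

# Succeeds only if $1 is a plain shell identifier: no array subscript,
# no expansion characters, nothing the shell would evaluate.
is_valid_name() {
    local LC_ALL=C      # keep the bracket ranges ASCII-only
    case $1 in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Hardened form of the report's foo(): refuses anything that is not a
# bare name, and refuses its own nameref name to avoid a circular reference.
foo_safe() {
    if ! is_valid_name "$1" || [ "$1" = _foo_ref ]; then
        printf 'foo_safe: refusing unsafe variable name: %s\n' "$1" >&2
        return 2
    fi
    declare -n _foo_ref=$1   # $1 is a bare identifier at this point
    printf '%s\n' "$_foo_ref"
}

# Constructed demo inputs; the second is the argument quoted in the report.
greeting='hello'
for arg in greeting 'x[i=$(date)]' '9lives' ''; do
    if out=$(foo_safe "$arg" 2>/dev/null); then
        printf 'accepted %-16s -> %s\n' "'$arg'" "$out"
    else
        printf 'rejected %-16s (status %d)\n' "'$arg'" "$?"
    fi
done
```

The check runs before declare -n, so the subscript in the report's argument is never handed to the shell for evaluation.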