[Touch-packages] [Bug 1411318] Re: arbitrary code execution

2015-01-30 Thread Phillip Sz 
kurahaupo [22:16:18] phillip: anything on Woolledge's Wiki can be assumed to 
be known to Chet, yes
kurahaupo phillip: the loop reference problem is potentially fixable; the 
code-in-referents is not, at least not without breaking existing code 
somewhere, which is a no-no I reported this here, so that someone maybe checks 
if this bug, can influence ubuntu's security.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1411318

Title:
  arbitrary code execution

Status in bash package in Ubuntu:
  Confirmed

Bug description:
  The problem with bash's name references

  Bash 4.3 introduced declare -n (name references) to mimic Korn
  shell's nameref feature, which permits variables to hold references to
  other variables (..). Unfortunately, the implementation used in Bash
  has some issues.

  {…} Bash's name reference implementation still allows arbitrary code
  execution:

  $ foo() { declare -n var=$1; echo $var; }
  $ foo 'x[i=$(date)]'
  bash: i=Thu Mar 27 16:34:09 EDT 2014: syntax error in expression (error token 
is Mar 27 16:34:09 EDT 2014)

  It's not an elegant example, but you can clearly see that the date
  command was actually executed. This is not at all what one wants.

  source: http://mywiki.wooledge.org/BashFAQ/048

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1411318/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1411318] Re: arbitrary code execution

2015-01-30 Thread Marc Deslauriers 
Have you reported this issue to the upstream bash developers?


** Changed in: bash (Ubuntu)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1411318

Title:
  arbitrary code execution

Status in bash package in Ubuntu:
  Confirmed

Bug description:
  The problem with bash's name references

  Bash 4.3 introduced declare -n (name references) to mimic Korn
  shell's nameref feature, which permits variables to hold references to
  other variables (see FAQ 006 to see these in action). Unfortunately,
  the implementation used in Bash has some issues.

  {…} Bash's name reference implementation still allows arbitrary code
  execution:

  $ foo() { declare -n var=$1; echo $var; }
  $ foo 'x[i=$(date)]'
  bash: i=Thu Mar 27 16:34:09 EDT 2014: syntax error in expression (error token 
is Mar 27 16:34:09 EDT 2014)

  It's not an elegant example, but you can clearly see that the date
  command was actually executed. This is not at all what one wants.

  source: http://mywiki.wooledge.org/BashFAQ/048

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1411318/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1411318] Re: arbitrary code execution

2015-01-30 Thread Phillip Sz 
** Description changed:

  The problem with bash's name references
  
  Bash 4.3 introduced declare -n (name references) to mimic Korn shell's
  nameref feature, which permits variables to hold references to other
- variables (see FAQ 006 to see these in action). Unfortunately, the
- implementation used in Bash has some issues.
+ variables (..). Unfortunately, the implementation used in Bash has some
+ issues.
  
  {…} Bash's name reference implementation still allows arbitrary code
  execution:
  
  $ foo() { declare -n var=$1; echo $var; }
  $ foo 'x[i=$(date)]'
  bash: i=Thu Mar 27 16:34:09 EDT 2014: syntax error in expression (error token 
is Mar 27 16:34:09 EDT 2014)
  
  It's not an elegant example, but you can clearly see that the date
  command was actually executed. This is not at all what one wants.
  
  source: http://mywiki.wooledge.org/BashFAQ/048

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1411318

Title:
  arbitrary code execution

Status in bash package in Ubuntu:
  Confirmed

Bug description:
  The problem with bash's name references

  Bash 4.3 introduced declare -n (name references) to mimic Korn
  shell's nameref feature, which permits variables to hold references to
  other variables (..). Unfortunately, the implementation used in Bash
  has some issues.

  {…} Bash's name reference implementation still allows arbitrary code
  execution:

  $ foo() { declare -n var=$1; echo $var; }
  $ foo 'x[i=$(date)]'
  bash: i=Thu Mar 27 16:34:09 EDT 2014: syntax error in expression (error token 
is Mar 27 16:34:09 EDT 2014)

  It's not an elegant example, but you can clearly see that the date
  command was actually executed. This is not at all what one wants.

  source: http://mywiki.wooledge.org/BashFAQ/048

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1411318/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1411318] Re: arbitrary code execution

2015-01-30 Thread Phillip Sz 
No, but I think someone has, but I don't know exactly. Trying to find
out.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1411318

Title:
  arbitrary code execution

Status in bash package in Ubuntu:
  Confirmed

Bug description:
  The problem with bash's name references

  Bash 4.3 introduced declare -n (name references) to mimic Korn
  shell's nameref feature, which permits variables to hold references to
  other variables (..). Unfortunately, the implementation used in Bash
  has some issues.

  {…} Bash's name reference implementation still allows arbitrary code
  execution:

  $ foo() { declare -n var=$1; echo $var; }
  $ foo 'x[i=$(date)]'
  bash: i=Thu Mar 27 16:34:09 EDT 2014: syntax error in expression (error token 
is Mar 27 16:34:09 EDT 2014)

  It's not an elegant example, but you can clearly see that the date
  command was actually executed. This is not at all what one wants.

  source: http://mywiki.wooledge.org/BashFAQ/048

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1411318/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp