[Bug 1411318] Re: arbitrary code execution
"[22:16:18] phillip: anything on Wooledge's Wiki can be assumed to be known to Chet, yes
phillip: the loop reference problem is potentially fixable; the code-in-referents is not, at least not without breaking existing code somewhere, which is a no-no"

I reported this here so that someone can maybe check whether this bug can influence Ubuntu's security.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1411318

Title:
  arbitrary code execution

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1411318/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1411318] Re: arbitrary code execution
No, but I think someone has, but I don't know exactly. Trying to find out.

[Bug 1411318] Re: arbitrary code execution
** Description changed:

  "The problem with bash's name references

  Bash 4.3 introduced declare -n ("name references") to mimic Korn shell's
  nameref feature, which permits variables to hold references to other
- variables (see FAQ 006 to see these in action). Unfortunately, the
- implementation used in Bash has some issues.
+ variables (..). Unfortunately, the implementation used in Bash has some
+ issues.

  {…}

  Bash's name reference implementation still allows arbitrary code
  execution:

  $ foo() { declare -n var=$1; echo "$var"; }
  $ foo 'x[i=$(date)]'
  bash: i=Thu Mar 27 16:34:09 EDT 2014: syntax error in expression (error token is "Mar 27 16:34:09 EDT 2014")

  It's not an elegant example, but you can clearly see that the date
  command was actually executed. This is not at all what one wants."

  source: http://mywiki.wooledge.org/BashFAQ/048

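Added example, not part of the bug report or the quoted wiki text: a hardened counterpart to the foo() above that accepts a nameref target only when it is a bare identifier, so a subscript such as x[i=$(date)] is rejected before bash ever evaluates it. The function names is_plain_name and safe_foo are hypothetical, and bash 4.3 or later is assumed for declare -n.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki or the bug report). Assumes bash >= 4.3
# for `declare -n`. is_plain_name and safe_foo are hypothetical names.

# Succeed only when $1 is a bare identifier: no subscript and no
# expansion syntax that the shell could evaluate later.
is_plain_name() {
    local LC_ALL=C    # keep the bracket ranges below ASCII-only
    case $1 in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Same job as the report's foo(), but the target name is checked first.
safe_foo() {
    if ! is_plain_name "$1"; then
        printf 'safe_foo: refusing nameref target: %s\n' "$1" >&2
        return 2
    fi
    # Unlikely local name, so the caller's variable name cannot collide
    # with it and produce a circular reference.
    declare -n _safe_foo_ref=$1
    printf '%s\n' "$_safe_foo_ref"
}
```

The check has to run before declare -n, because the subscript is evaluated when the reference is expanded, not when the string is passed in.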
[Bug 1411318] Re: arbitrary code execution
Have you reported this issue to the upstream bash developers?

** Changed in: bash (Ubuntu)
       Status: New => Confirmed