On 12/14/2014 08:45 PM, Chet Ramey wrote:
> On 12/7/14 11:16 PM, Eduardo A. Bustamante López wrote:
>> On Sun, Dec 07, 2014 at 07:34:53PM -0800, Linda Walsh wrote:
>>> Only if you properly quote "external input".
>> Well, that's the whole point, as a script writer, I don't expect to get
>> arbitrary code execution here:
>> | dualbus@hp:~/t$ unset var; value='[$(ls -l)]=1 [2]=2'; declare -a var="($value)"; declare -p var
>> | bash: total 0: syntax error in expression (error token is "0")
> Yeah, that's what we're discussing.
>> Or here:
>> | dualbus@hp:~/t$ a=(1 2 3); k='a[$(ls -l)]'; echo "${a[k]}"
>> | bash: total 0: syntax error in expression (error token is "0")
>> And I *shouldn't* have to worry about that.
> But the ship has sailed on this one. Every shell that implements indexed
> arrays does what bash does here.
This matches my observations. That's why I recommend not to use array
variables in shell scripts:
<http://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/sect-Defensive_Coding-Shell-Types.html>
--
Florian Weimer / Red Hat Product Security
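
The behaviour quoted in the thread, together with an index check that keeps untrusted text out of arithmetic evaluation. This is an added example, not code from any of the posters or from bash itself; the names `items`, `is_index`, `items_get` and `lookup_side_effect` and the sample values are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; helper names and sample data are constructed for illustration.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"   # indexed arrays are a bashism

items=(a b c)   # constructed sample array

# Accept only a plain decimal index: no names, brackets, operators, $(...)
# or leading zeros (bash would read 08 as invalid octal).
is_index() {
    [[ $1 =~ ^(0|[1-9][0-9]{0,8})$ ]]
}

# Print items[INDEX], refusing anything that is not a plain in-range number.
items_get() {
    local idx=$1
    is_index "$idx" || return 2
    (( idx < ${#items[@]} )) || return 1
    printf '%s\n' "${items[idx]}"
}

# Run a lookup in a scratch directory and report whether the subscript
# caused a command to run (the harmless marker command creates file "ran").
# MODE is "raw" (subscript used as-is) or "checked" (through items_get).
lookup_side_effect() {
    local mode=$1 k=$2 dir
    dir=$(mktemp -d) || return 3
    (
        cd "$dir" || exit 3
        if [[ $mode == raw ]]; then
            printf '%s\n' "${items[k]}"
        else
            items_get "$k"
        fi
    ) >/dev/null 2>&1 || true
    if [[ -e $dir/ran ]]; then echo executed; else echo clean; fi
    rm -rf -- "$dir"
}

# Same shape as the subscript quoted in the thread, with a marker command.
untrusted='items[$(touch ran)]'
lookup_side_effect raw "$untrusted"       # executed
lookup_side_effect checked "$untrusted"   # clean
items_get 1                               # b
```

The check runs before the value is ever used as a subscript, so the string is compared as text and never evaluated.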