Could someone try this one?
[root@test ~]# echo -e "\x9\x9 /bin/home/foo/sh" | ssh localhost bash -i 2>&1 | grep foo
root@localhost's password:
[root@test ~]# foo
[root@test ~]# cat /home/foo/sh
echo foo
From: Vincent Leduc <[email protected]>
To: "[email protected]" <[email protected]>
Sent: Monday, December 29, 2014 17:22
Subject: Re: bash complete.c
I still have different results, depending on the input. Is this a bug?
[foo@test ~]$ /bin/bin/uname
Display all 1066 possibilities? (y or n)
[foo@test ~]$ /bin/uname
Linux
[foo@test ~]$ /foo/bin/uname
Display all 1066 possibilities? (y or n)
[foo@test ~]$ /uname
bash_4.3: /uname: No such file or directory
[foo@test ~]$ /bin/uname
Display all 1066 possibilities? (y or n)
[foo@test ~]$ /uname
bash_4.3: /uname: No such file or directory
[foo@test ~]$ /bin/foo/uname
Display all 1066 possibilities? (y or n)
[foo@test ~]$ /foo/uname
bash_4.3: /foo/uname: No such file or directory
[foo@test ~]$ $ENuname
Display all 1066 possibilities? (y or n)
[foo@test ~]$ uname
Linux
[foo@test ~]$ $ENid
Display all 1066 possibilities? (y or n)
[foo@test ~]$ id
uid=505(foo) gid=506(foo) groups=506(foo)
[foo@test ~]$ $XYid
Display all 1066 possibilities? (y or n)
: mshowfat
! msql2mysql
./ mtools
[ mtoolstest
[[ mtype
]] mv
{ mwm
} mxtar
a2p my_print_defaults
ab mysql
ac mysqlaccess
acpi_listen mysqladmin
addftinfo mysqlbinlog
addr2line mysqlcheck
afs5log mysql_config
alias mysqldump
amuFormat.sh mysql_find_rows
antlr mysqlimport
antlr-java mysqlshow
apropos mysql_tableinfo
ar mysql_waitpid
arch mzip
as namei
ascii-xfr nano
--More--
Regards.
From: Vincent Leduc <[email protected]>
To: "[email protected]" <[email protected]>
Sent: Monday, December 29, 2014 15:59
Subject: Re: bash complete.c
Looking through bash 4.3, it seems that readline/complete.c is forking a child
too.
Maybe I'm wrong, but why could the static int get_y_or_n execute something?
# ssh foo@test "strace -Ff -e execve /bin/bash_4.3 -i"
bash_4.3: cannot set terminal process group (-1): Invalid argument
bash_4.3: no job control in this shell
[foo@test ~]$ [tab][tab][enter] (calling bash completion)
Display all 1066 possibilities? (y or n)$ENsh
Process 15060 attached (waiting for parent)
Process 15060 resumed (parent 15042 ready)
Process 15042 suspended
[pid 15060] execve("/bin/sh", ["sh"], [/* 16 vars */]) = 0
[foo@test ~]$ echo $$
echo $$
15904
[foo@test ~]$ [tab][tab][enter]
Display all 1066 possibilities? (y or n)/bin/bin/sh
[foo@test ~]$ /bin/sh
Process 15923 attached (waiting for parent)
Process 15923 resumed (parent 15904 ready)
Process 15904 suspended
[pid 15923] execve("/bin/sh", ["/bin/sh"], [/* 16 vars */]) = 0
echo $$
15923
exit
Process 15904 resumed
Process 15923 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
[foo@test ~]$ echo $$
echo $$
15232
[foo@test ~]$ [tab][tab][enter]
Display all 1066 possibilities? (y or n)$ENsh
Process 15256 attached (waiting for parent)
Process 15256 resumed (parent 15232 ready)
Process 15232 suspended
[pid 15256] execve("/bin/sh", ["sh"], [/* 16 vars */]) = 0
echo $$;
15256
exit;
Process 15232 resumed
Process 15256 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
[foo@test ~]$
[tab][tab][enter]
Display all 1066 possibilities? (y or n)
a
b
c
d
e
f (nothing)
Process 15081 attached (waiting for parent)
Process 15081 resumed (parent 15042 ready)
Process 15042 suspended
[pid 15081] execve("/bin/sh", ["sh"], [/* 16 vars */]) = 0
[foo@test ~]$
[
Display all 1066 possibilities? (y or n)
a
b
c
d;id;ls; (nothing)
exit (control-D)
Vincent.
From: Bob Proulx <[email protected]>
To: Vincent Leduc <[email protected]>
Cc: "[email protected]" <[email protected]>
Sent: Saturday, December 27, 2014 12:08
Subject: Re: bash complete.c
Vincent Leduc wrote:
> The null redirect was used for the /etc/issue to not be shown
> here. I mean although we don't have any tty attached, I assume the
> builtin should not do this. I only tested it with an older release,
> as you said, it seems to be corrected.
If I don't include -t then I get the following back from bash.
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
I assumed that was what you were trying to redirect. Adding the -t
sets up a tty and that particular part of the problem is avoided.
As far as /etc/issue goes another useful thing is to touch a file
named "$HOME/.hushlogin". If .hushlogin exists then the /etc/issue
and /etc/motd are not emitted at login time. That is much nicer for
me. I am well aware of the uname -a and license status of the systems
I am using. I don't need to see that same message again and again.
This is documented in the login(1) man page.
man login
$HOME/.hushlogin
Suppress printing of system messages.
And so a normal thing for me when getting an account set up is to
always create that file in order to make hopping around systems less
verbose.
touch ~/.hushlogin
Bob