dualbus@debian:~/bash-fuzzing/read$ cat -A 6b
M-^_0^A\$
^N
dualbus@debian:~/bash-fuzzing/read$ od -c 6b
000 237 0 001 \ \n 016
006
(gdb) file ~/src/gnu/bash/bash
Reading symbols from ~/src/gnu/bash/bash...done.
(gdb) r -c 'exec < 6b; read -N3 -d "" IFS; read a b'
Starting program: /h
On 2017-05-04 at 10:11 -0500, Eduardo Bustamante wrote:
> On Thu, May 4, 2017 at 10:01 AM, Greg Wooledge wrote:
> [...]
> > Without taking a side on whether this is a security bug in bash, I will
> > support the idea that users who put ~/bin (or similar) in PATH should
> > be educated to make sure
On 5/3/17 8:43 PM, Luiz Angelo Daros de Luca wrote:
> Yes, the devel one does work. Sorry for the confusion.
> It is the first time I see master as stable.
It was like that when I inherited it, and I didn't have enough git
expertise to fold in all of the previous commits where they should
go, so I
04.05.2017, 17:54, "Eduardo Bustamante" :
> On Wed, May 3, 2017 at 5:40 PM, Nikolay Aleksandrovich Pavlov (ZyX)
> wrote:
> [...]
>> If $PATH in bash contains ~ (e.g. `PATH='~/bin'`) it is incorrectly
>> treated
>> as if $HOME is present.
>
> Hm. You can start bash in POSIX mod
On Thu, May 4, 2017 at 10:01 AM, Greg Wooledge wrote:
[...]
> Without taking a side on whether this is a security bug in bash, I will
> support the idea that users who put ~/bin (or similar) in PATH should
> be educated to make sure the ~ is expanded, rather than literal. This
> will protect them
On Thu, May 04, 2017 at 09:54:07AM -0500, Eduardo Bustamante wrote:
> Also, I think it's a bit of a stretch to call this a security problem.
> The scenario you describe (a user having a directory literally named
> `~' with a bin subdirectory, a malicious program creating evil
> binaries in $HOME/bi
Here's a previous discussion on that subject:
- http://lists.gnu.org/archive/html/bug-bash/2014-07/msg00022.html
- https://lists.gnu.org/archive/html/bug-bash/2014-08/msg2.html
On Wed, May 3, 2017 at 5:40 PM, Nikolay Aleksandrovich Pavlov (ZyX)
wrote:
[...]
> If $PATH in bash contains ~ (e.g. `PATH='~/bin'`) it is incorrectly
> treated
> as if $HOME is present.
Hm. You can start bash in POSIX mode
(https://www.gnu.org/software/bash/manual/bash.html#Bash
Steps to reproduce:
Run: read -e
Type: 0 ESC 0 \C-? \C-w
dualbus@afl2-hjbw:~$ cat -A
amin/id:80,sig:11,src:005611+014207,op:splice,rep:16.min
0^[0^?^W
dualbus@afl2-hjbw:~$ xxd
amin/id:80,sig:11,src:005611+014207,op:splice,rep:16.min
: 301b 307f 17 0.0.
configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: x86_64-pc-linux-gnu-gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/s
10 matches
Mail list logo
