If you run
echo "$((v))"
and v is a user supplied variable.
If the user put a specific string in v, he can execute whatever he wants
in the name of the script, because echo "$((v))" will run that code.
Am 6/4/2019 um 4:29 PM schrieb Chet Ramey:
On 6/4/19 7:42 AM, Nils Em
ntext is unsafe.
Repeat-By:
If this is considered a bug I would like to get in contact with
someone in charge.
--
Nils Emmerich
ERNW Research GmbH
Carl-Bosch-Str. 4
69115 Heidelberg
www.ernw.de
Tel. +49 6221 480390 (Sekretariat)
Handelsregister Mannheim HRB 723285
Geschäftsführer: Dr
