On 6/4/19 3:26 PM, Ilkka Virta wrote:
> On 4.6. 16:24, Greg Wooledge wrote:
>> On Tue, Jun 04, 2019 at 01:42:40PM +0200, Nils Emmerich wrote:
>>> Bash Version: 5.0
>>> Patch Level: 0
>>> Release Status: release
>>>
>>> Description:
>>> It is possible to get code execution via a user suppli
On 5.6. 17:05, Chet Ramey wrote:
On 6/4/19 3:26 PM, Ilkka Virta wrote:
If the bad user supplied variable contains array indexing in itself, e.g.
bad='none[$(date >&2)]' then using it in an arithmetic expansion still
executes the 'date', single quotes or not (the array doesn't need to exist):
B
On 6/5/19 1:39 PM, Ilkka Virta wrote:
> On 5.6. 17:05, Chet Ramey wrote:
>> On 6/4/19 3:26 PM, Ilkka Virta wrote:
>>> If the bad user supplied variable contains array indexing in itself, e.g.
>>> bad='none[$(date >&2)]' then using it in an arithmetic expansion still
>>> executes the 'date', single
