This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
Re: wordexp IFS fixes
- To: Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
- Subject: Re: wordexp IFS fixes
- From: Tim Waugh <tim@cyberelk.demon.co.uk>
- Date: Mon, 7 Sep 1998 13:25:39 +0100 (BST)
- cc: Ulrich Drepper <drepper@cygnus.com>, libc-hacker@cygnus.com
On 7 Sep 1998, Andreas Schwab wrote:
> Note that IFS splitting only occurs when any expansion is done at all.
> This closes a well known sh security bug.
Ah. The current wordexp implementation performs IFS splitting even when
no expansion has happened.
Re-reading 3.6.5, it looks like "the shell shall scan the results of
expansions and substitutions that did not occur in double-quotes for field
splitting" means that field splitting cannot occur just on its own (set
:abc:).
Is this the case then? If so, I think that some of the wordexp test cases
are wrong (the first few for instance)..
Bash says that "set a b c" sets three positional parameters, so is this
security hole only for non-whitespace IFS?
Tim.
*/