This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: wordexp IFS fixes

To: Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
Subject: Re: wordexp IFS fixes
From: Tim Waugh <tim@cyberelk.demon.co.uk>
Date: Mon, 7 Sep 1998 13:25:39 +0100 (BST)
cc: Ulrich Drepper <drepper@cygnus.com>, libc-hacker@cygnus.com

On 7 Sep 1998, Andreas Schwab wrote:

> Note that IFS splitting only occurs when any expansion is done at all.
> This closes a well known sh security bug.

Ah.  The current wordexp implementation performs IFS splitting even when
no expansion has happened.

Re-reading 3.6.5, it looks like "the shell shall scan the results of
expansions and substitutions that did not occur in double-quotes for field
splitting" means that field splitting cannot occur just on its own (set
:abc:).

Is this the case then?  If so, I think that some of the wordexp test cases
are wrong (the first few for instance)..

Bash says that "set a b c" sets three positional parameters, so is this
security hole only for non-whitespace IFS?

Tim.
*/

Follow-Ups:
- Re: wordexp IFS fixes
  - From: Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>

References:
- Re: wordexp IFS fixes
  - From: Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]