On Thu, May 03, 2001 at 04:36:43PM +0300, Shaul Karl wrote:
[...]
[16:24:46 tmp]$ bash -c 'echo x-${IFS}-x'
x- -x
Ah, something might be wrong with the above tests:
Right. The invoked shell will expand ${IFS} to a string that happens
to be whitespace, then parse the line as an echo command
On Mon, Apr 30, 2001 at 05:44:46PM -0400, Matt Zimmerman wrote:
I could read that as requiring that if IFS is unset, then you get
spacetabnewline if you inspect its value, NOT the null string.
I have to disagree with this interpretation. The sentence above specifies
that the shell will
Get a clue, Linux does not allow setuid scripts.
Irrelevant. Look up IFS in a bugtraq archive.
I shan't do your homework for you.
I did. And guess what, I didn't find one single exploit regarding this
on Linux. Interestingly, I found one exploit that relied on IFS to be set
to
On Wed, 2 May 2001 23:22:29 -0700
Zack Weinberg [EMAIL PROTECTED] wrote:
Okay, I'll concede that this exploit is only theoretical on Linux at
this time.
Remember what was on the L0pht website...
L0pht, making the theoretical practical since [some year I care not to
remember]
This probably has
Herbert Xu [EMAIL PROTECTED] writes:
Not only does that show that Solaris 2.6's shell does not set IFS,
windlord:~ printenv IFS
windlord:~ /bin/sh -c 'echo x-${IFS}-x'
x- -x
windlord:~ uname -a
SunOS windlord.stanford.edu 5.6 Generic_105181-19 sun4u sparc SUNW,Ultra-1
Looks set to
Shaul Karl [EMAIL PROTECTED] writes:
Russ Allbery [EMAIL PROTECTED] writes:
windlord:~ printenv IFS
windlord:~ /bin/sh -c 'echo x-${IFS}-x'
x- -x
windlord:~ uname -a
SunOS windlord.stanford.edu 5.6 Generic_105181-19 sun4u sparc SUNW,Ultra-1
Looks set to me, although it appears to
On Thu, May 03, 2001 at 02:30:28PM -0500, Raja R Harinath wrote:
Maybe you want
sh -c 'echo x-${IFS}-x'
Both Solaris 2.6 /bin/sh and Linux bash seem to have IFS set.
$ /bin/sh -c 'echo x-${IFS}-x'
x-
-x
Identical behavior with zsh from unstable here.
--
- -/-
severity 95430 normal
quit
On Mon, Apr 30, 2001 at 07:48:07PM -0700, Zack Weinberg wrote:
severity 95430 critical
quit
I can keep this up just as long as you can.
Everyone around here knows that I just love this game.
(tests) ... except that ash does honor IFS from the environment. You
Zack Weinberg [EMAIL PROTECTED] wrote:
in the environment, and which postdates 4.4BSD and SVR4, and I'll shut
up. The burden is on you to do this. I believe I have adequately
Well thanks to a bug in Netscape, I went to its search page instead of
whatever I was trying to open, and the my
Herbert Xu [EMAIL PROTECTED] writes:
Not only does that show that Solaris 2.6's shell does not set IFS,
windlord:~ printenv IFS
windlord:~ /bin/sh -c 'echo x-${IFS}-x'
x- -x
windlord:~ uname -a
SunOS windlord.stanford.edu 5.6 Generic_105181-19 sun4u sparc SUNW,Ultra-1
Looks set to me, although
reopen 95420
quit
...
On Fri, Apr 27, 2001 at 12:22:18AM -0700, Zack Weinberg wrote:
ash 0.3.8-1 incorporates changes in word splitting which break common
shell scripts, such as /usr/bin/mktexpk and the 'mklibgcc' script used
when compiling GCC.
#! /bin/ash
OIFS=$IFS
IFS=,
Zack Weinberg [EMAIL PROTECTED] wrote:
On Fri, Apr 27, 2001 at 12:22:18AM -0700, Zack Weinberg wrote:
ash 0.3.8-1 incorporates changes in word splitting which break common
shell scripts, such as /usr/bin/mktexpk and the 'mklibgcc' script used
when compiling GCC.
#! /bin/ash
On Mon, Apr 30, 2001 at 12:16:16PM -0700, Zack Weinberg wrote:
[whose words are these? unattributed in your mail]
Sorry, but this is broken. This assumes that IFS is set to begin with
which may not be the case.
I have consulted the Single Unix Standard and can find only dubious
Matt Zimmerman [EMAIL PROTECTED] wrote:
Of course, it seems that this behavior is different from that of traditional
Bourne shell implementations, so I think I have to agree that ash should avoid
diverging from tradition in order to adhere to a relatively new standard.
I will probably change
PROTECTED]
Cc: [EMAIL PROTECTED]; debian-devel@lists.debian.org
Sent: Monday, April 30, 2001 3:16 PM
Subject: Bug#95420: Bug#95430 acknowledged by developer (Re: Bug#95430: ash:
word-splitting changes break shell scripts)
reopen 95420
quit
...
On Fri, Apr 27, 2001 at 12:22:18AM -0700, Zack
On Mon, Apr 30, 2001 at 06:34:19PM -0400, Ben Darnell wrote:
This thread is directed at the wrong bug number - the discussion is about
#95430, but the messages are going to #95420. Please adjust the recipients
appropriately in your replies.
My apologies, I mistyped the bug number.
zw
[EMAIL PROTECTED] on Tue, May 01, 2001 at 07:30:14AM +1000
# Let's try this again
reopen 95430
severity 95430 critical
retitle 95430 [SECURITY] ash honors IFS in environment
quit
On Tue, May 01, 2001 at 07:30:14AM +1000, Herbert Xu wrote:
I have consulted the Single Unix Standard and can
Zack Weinberg [EMAIL PROTECTED] writes:
Uh, no it can't. I'm talking about self-contained shell scripts,
not functions. IFS does not inherit through the environment.
Self-contained scripts can count on its being set to
spacetabnewline when execution begins.
Says who?
SUS says:
IFS
severity 95430 wishlist
quit
On Mon, Apr 30, 2001 at 06:35:53PM -0700, Zack Weinberg wrote:
(tests) ... except that ash does honor IFS from the environment. You
realize that this is a gaping security hole, even if IFS is only used
to split the results of expansion? You realize that it is
severity 95430 critical
quit
I can keep this up just as long as you can.
...
(tests) ... except that ash does honor IFS from the environment. You
realize that this is a gaping security hole, even if IFS is only used
to split the results of expansion? You realize that it is trivial to
Zack Weinberg [EMAIL PROTECTED] writes:
Irrelevant. Look up IFS in a bugtraq archive.
I shan't do your homework for you.
You're reporting a bug. The standards say this isn't a requirement or
a problem. Prove your case or at least take it to private email.
There are billions and billions of
Alan Shutko [EMAIL PROTECTED] writes:
There are billions and billions of ways you can tweak environment
variables to break shell scripts that don't bother. What's your
point? If I can tweak IFS to change parsing, I can also tweak PATH.
So far, all I've come up with are programs passing