On Mon, Aug 17, 2015 at 6:15 PM, Eric Blake <ebl...@redhat.com> wrote:
<snip>

>
> Fix your script to not do stupid things, like trying an insanely-large
> brace expansion, or trying an 'eval' (or similar) on untrusted user
> input. But don't call it a bash security hole that bash allows you to
> write stupid scripts.
>

Good point. And, not meaning to be nasty, the "security hole" would be in
the head of the person who allowed such a programmer to write mission
critical code.

I will assume that the OP was actually in a "learning" mode while doing
unusual things which he knew better than to do, "just to see what happens".
Of course, reporting it as a bug wasn't really the right thing to do.

Reminds me of a bug(?) in an online system which, when triggered, would
cause the system to update the user's login password with an untypeable
character. One clever programmer used this bug to "punish" people who ran
his program without authorization.



>
> --
> Eric Blake   eblake redhat com    +1-919-301-3266
> Libvirt virtualization library http://libvirt.org
>
>


-- 

Schrodinger's backup: The condition of any backup is unknown until a
restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! <><
John McKown
