On 4/7/24 12:17 AM, ad...@osrc.rip wrote:
Hello everyone!I've attached a minimal script which shows the issue, and my recommended solution.
Hi. Thanks for the report. This seems more like a case of mistmatched expectations. Bash tries, within reason, to read its input a command at a time, and to leave child processes with the file pointer set to the location in a script corresponding to the commands it's consumed. POSIX requires this behavior if the shell is reading script input from stdin. It seems like you expect the shell to read and buffer input (like stdio, for instance) so that at any point it has read more input that it has processed. This isn't unreasonable, but it's not how shells have behaved. Not doing this file location sync isn't a solution to your theoretical vulnerability, either. Since scripts are simply text files, you just have to arrange to alter file contents beyond where the script has read and buffered input data, subject to Kerin Millar's comments about not changing the inode. If you want the shell to read and parse an entire script before executing any of it, the group command solution is a good one. This has the advantage of potentially finding syntax errors before executing any commands, which might be desirable. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/
OpenPGP_signature.asc
Description: OpenPGP digital signature