On 5/24/16 1:51 AM, Grisha Levit wrote:
> This issue seems fairly minor, but RHEL (and maybe others) allow INPUTRC
> through sudo by default so perhaps this warrants some attention.
>
> Something silly like:
>
> |echo '$include /tmp/X' > /tmp/X INPUTRC=/tmp/X sudo bash -c 'read -e' |
>
> Will segfault:
Of course. Preventing self-inflicted damage like this is ultimately
futile. There's always some way to shoot yourself in the foot.
>
> |Program terminated with signal 11, Segmentation fault. #0
> 0x00007f275ac948d7 in __GI___libc_malloc (bytes=bytes@entry=7) at
> malloc.c:2895 2895 victim = _int_malloc(ar_ptr, bytes); (gdb) bt #0
> 0x00007f275ac948d7 in __GI___libc_malloc (bytes=bytes@entry=7) at
> malloc.c:2895 #1 0x0000000000474e40 in xmalloc (bytes=bytes@entry=7) at
> xmalloc.c:112 #2 0x00000000004bc6c3 in tilde_expand
> (string=string@entry=0x1217369 "/tmp/X") at ./tilde.c:202 |
>
> (at slightly different places, depending on other directives in the file).
>
> Since there is already current_readline_init_include_level, maybe
> implementing a max level for $include’s would be worthwhile.
I'll consider it for the next version.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU [email protected] http://cnswww.cns.cwru.edu/~chet/
_______________________________________________
Bug-readline mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-readline
