Hello,
I've found a security bug in dash permitting to change shell behaviour.
I don't know if impact could be same as the recent bash bug but it seems
to be serious.
Are you able to close a bug very quickly ?
PS.
Same bug exist inside ash and busybox. I have to contact ash and busybox
maintaine
commit ebfdd97a10e34a5e70eadfc21ebfc033ef93a563
Author: Herbert Xu
Date: Mon Oct 6 19:45:58 2014 +0800
[BUILTIN] Do not allow break to break across function calls
As it is if you do a multi-level break inside a function it'll
actually include loops outside of the function call.
commit 598d300ffa0b9542a88feae900ccdd29e35374cf
Author: Herbert Xu
Date: Mon Oct 6 20:45:04 2014 +0800
[EVAL] Move common skipcount logic into skiploop
The functions evalloop and evalfor share the logic on checking
and updating skipcount. This patch moves that into the helper
commit f14b4626eb5c1c2fda137e7d1520c5f1cb7e85c4
Author: Herbert Xu
Date: Mon Oct 6 21:22:43 2014 +0800
[BUILTIN] Allow return in loop conditional to set exit status
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332954
When return is used in a loop conditional the exit
commit 70c16dd30d4cf824aa895e9f6c095fec741c65a8
Author: Herbert Xu
Date: Mon Oct 6 21:51:26 2014 +0800
[BUILTIN] Return without arguments in a trap should use status outside traps
POSIX now requires that return without arguments in a trap should
return the last command status p
Christian PĂ©lissier wrote:
> Hello,
>
> I've found a security bug in dash permitting to change shell behaviour.
> I don't know if impact could be same as the recent bash bug but it seems
> to be serious.
Please send the details to me in private email.
Thanks,
--
Email: Herbert Xu
Home Page: h
Hi all. I recently found a bug in dash's handling of substring
processing, when the variable is contained within quotes.
In bash, this works:
bash$ echo $PWD
/home/psmith
bash$ echo ${PWD%${PWD##*/}}.
/home/.
bash$ echo "${PWD%${PWD##*/}}."
/home/.
which is what I expect. However
