Arithmetic + array allows for code injection

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Arithmetic + array allows for code injection

From:	Pierre Gaston
Subject:	Arithmetic + array allows for code injection
Date:	Fri, 30 May 2014 20:57:42 +0300

It doesn't seem right for code looking as innocent as $((a[$i])) or
$((a["$i"])) to allow running arbitrary commands for some value of i, that
are no even that clever:

$ i='$( echo >&2 an arbitrary command )';:  $((a["$i"]))
an arbitrary command

$ i='"$( echo >&2 an arbitrary command)"';: $((a[$i]))
an arbitrary command

[Prev in Thread]

Current Thread

[Next in Thread]

Arithmetic + array allows for code injection, Pierre Gaston <=
- Re: Arithmetic + array allows for code injection, Greg Wooledge, 2014/05/30
  - Re: Arithmetic + array allows for code injection, Pierre Gaston, 2014/05/30
- Re: Arithmetic + array allows for code injection, Dan Douglas, 2014/05/30

Prev by Date: Re: What is the difference between a newline and a semi-colon?
Next by Date: Re: Arithmetic + array allows for code injection
Previous by thread: What is the difference between a newline and a semi-colon?
Next by thread: Re: Arithmetic + array allows for code injection
Index(es):
- Date
- Thread