[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Doc] wrong usage example for dircolors
From: |
Stephane Chazelas |
Subject: |
[Doc] wrong usage example for dircolors |
Date: |
Tue, 14 Dec 2004 17:30:52 +0000 |
User-agent: |
Mutt/1.5.6i |
That "typical usage example" in the info page for dircolors:
eval `dircolors [OPTION]... [FILE]`
(see
http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/coreutils/coreutils/doc/coreutils.texi?rev=1.233
@example
eval `dircolors address@hidden@dots{} address@hidden
@end example)
is not correct and can be exploited in various ways if someone
has such line in his ~/.shellrc.
It should be:
eval "`dircolors [OPTION... [FILE]`"
Otherwise, it is subject to word splitting and filename
generation so that one can have any user run any arbitrary code
by simply creating files with the proper name.
For instance, if dircolors -b outputs:
LS_COLORS='no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=0
1;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*
.tgz=01;31:';
export LS_COLORS
and one does:
touch "LS_COLORS='no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;\
35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:Z.tar=\
01;31:'; rm -rf \$HOME; : '.tgz=01;31:';"
then
eval `dircolors -b`
deletes the home of everyone who is running it in the directory
containing that file.
I've been told some Linux distributions have this kind of line
in the system /etc/bash.bashrc
--
Stéphane
- [Doc] wrong usage example for dircolors,
Stephane Chazelas <=