From: Greg Wooledge
Subject: Re: bash builtins mapfile issue - Unexpected parameter passing of causes rce
Date: Sat, 14 Sep 2024 09:06:02 -0400
On Sat, Sep 14, 2024 at 19:46:21 +0800, ~ via Bug reports for the GNU Bourne
Again SHell wrote:
> Dear bug-bash team:
> I hope this email finds you well. During my recent security
> assessment of bash, I identified a potential security vulnerability that I
> believe may impact the security of your product and its users.
> Here are the details:
> 1. mapfile -C xxx will call run_callback
> 2. An evil "execstr" parameter passing causes RCE
> mapfile.def
>
> for example in bash shell:
> echo -e "line1\nline2\nline3\nline4\nline5\nline6\nline7\nline8\nline9\nline10" > test.txt
> mapfile -t -C "whoami #111" -c 5 my_array < test.txt
>
> I want to assign a CVE ID to the vulnerability
What vulnerability? If you use an option that passes a command to be
evaluated, and then that command gets evaluated, it's working as you
requested.
If you don't want mapfile to run a callback after reading items, then
don't use the callback option.
Also, please stop posting in HTML. Your message is difficult to read.
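
The script below is an added example, not code from the thread or from bash itself. It shows what mapfile actually evaluates when -C is used (the callback string, followed by the index of the element about to be assigned and the line), reproduces the report's point that a string passed to -C is executed as shell code (a constructed value sets a variable instead of running whoami), checks the opposite direction (in current bash the line is single-quoted before the callback is evaluated, so file contents stay data), and ends with the pattern a script should use when the callback name comes from outside: accept only the name of an already-defined function. The ten-line input is constructed to match the report's test.txt.

```shell
#!/usr/bin/env bash
# Added example, not code from the bug-bash thread. It shows what the -C
# callback of mapfile is given and why the command string, not the file,
# is the only thing that becomes code. mapfile is a bash builtin, so re-exec
# under bash if this file was started by another shell.
if [ -z "$BASH_VERSION" ] && [ -f "$0" ]; then exec bash "$0" "$@"; fi

# Constructed sample input: the same ten lines the report wrote to test.txt.
SAMPLE=$'line1\nline2\nline3\nline4\nline5\nline6\nline7\nline8\nline9\nline10'

# The callback is evaluated in the current shell with two extra arguments:
# the index of the array element about to be assigned, and that line.
CALLS=()
record_callback() {
    CALLS+=("$1:$2")
}

# Read SAMPLE with a callback every QUANTUM lines and report
# "<element count> <index:line for each callback>".
run_mapfile() {
    local quantum=$1
    local -a arr
    CALLS=()
    mapfile -t -C record_callback -c "$quantum" arr <<< "$SAMPLE"
    echo "${#arr[@]} ${CALLS[*]}"
}

# The report's finding: a string passed to -C is run as shell code. Here the
# constructed "attacker" value sets a variable instead of running whoami; the
# trailing "#" comments out the index and line that mapfile appends.
INJECTED=0
demo_callback_is_code() {
    local -a arr
    local untrusted='INJECTED=1 #'
    INJECTED=0
    mapfile -t -C "$untrusted" -c 5 arr <<< "$SAMPLE"
    echo "$INJECTED"
}

# The other direction: file contents are data. Current bash single-quotes the
# line before evaluating the callback, so $(...) in the input stays literal.
demo_line_is_data() {
    local -a arr
    INJECTED=0
    CALLS=()
    mapfile -t -C record_callback -c 1 arr <<< '$(INJECTED=2)'
    echo "$INJECTED ${CALLS[*]}"
}

# Pattern for a script that takes the callback name from outside: accept only
# a well-formed name of a function already defined in this shell, never a raw
# command string.
safe_mapfile() {
    local cb=$1 quantum=$2
    local -a arr
    if [[ ! $cb =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || ! declare -F "$cb" >/dev/null; then
        echo "refused: '$cb' is not a defined function" >&2
        return 1
    fi
    CALLS=()
    mapfile -t -C "$cb" -c "$quantum" arr <<< "$SAMPLE"
    echo "${#arr[@]} ${CALLS[*]}"
}

# Stand-alone run.
run_mapfile 5                       # 10 4:line5 9:line10
demo_callback_is_code               # 1
demo_line_is_data                   # 0 0:$(INJECTED=2)
safe_mapfile record_callback 2      # 10 1:line2 3:line4 5:line6 7:line8 9:line10
safe_mapfile 'INJECTED=1 #' 5 || true
```

The callback fires after every quantum-th line (with -c 5 on ten lines, at indices 4 and 9), and it runs in the calling shell, which is why record_callback can append to a global array. That is the whole mechanism: whoever writes the -C argument is writing code for that shell, so the only place a vulnerability could live is a script that builds that argument from untrusted input, which is the case safe_mapfile refuses.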