Re: bash builtins mapfile issue - Unexpected parameter passing of causes
From: Chet Ramey
Subject: Re: bash builtins mapfile issue - Unexpected parameter passing of causes rce
Date: Mon, 16 Sep 2024 09:53:38 -0400
User-agent: Mozilla Thunderbird

On 9/14/24 7:46 AM, ~ via Bug reports for the GNU Bourne Again SHell wrote:

> Dear bug-bash team:
> I hope this email finds you well. During my recent security
> assessment of bash, I identified a potential security vulnerability that I believe may
> impact the security of your product and its users.

Thanks for the note. You have not yet identified a security vulnerability.

> 1. mapfile -C xxx will call run_callback
> 2. evil "execstr" parameter passing causes rce
> mapfile.def
> for example in bash shell:
> echo -e "line1\nline2\nline3\nline4\nline5\nline6\nline7\nline8\nline9\nline10" > test.txt
> mapfile -t -C "whoami #111" -c 5 my_array < test.txt

This is how the mapfile callback is intended to work.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/
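
Added example, not part of the original message and not code from bash itself: a bash script showing the trust boundary discussed in this thread. The `-C` string is evaluated as shell source, while each input line is handed to the callback as a quoted literal argument. The names `record_line`, `is_allowed_callback` and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# mapfile is a bash builtin; re-exec under bash if another sh started this file.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Constructed sample input: data lines that contain shell metacharacters.
sample_input() {
  printf '%s\n' 'plain line' '$(echo SUBSTITUTED)' "it's; echo INJECTED"
}

seen=()
# Hypothetical fixed callback. bash evaluates: record_line <index> '<quoted line>'
record_line() { seen+=("$#|$1|${2-}"); }

# Case 1: callback is a fixed function name. Lines arrive as literal text in $2.
load_with_fixed_callback() {
  seen=()
  mapfile -t -c 1 -C record_line lines <<< "$(sample_input)"
}

# Case 2: the -C string is shell source. A trailing '#' (as in the report's
# "whoami #111") comments out the index and line that bash appends.
load_with_comment_callback() {
  seen=()
  mapfile -t -c 1 -C 'record_line fixed #' lines <<< "$(sample_input)"
}

# Mitigation when the callback name is configurable: accept only the name of
# a function this script already defines, never an arbitrary string.
is_allowed_callback() {
  [[ $1 =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] && declare -F -- "$1" >/dev/null
}

load_with_fixed_callback
printf 'fixed callback saw:   %s\n' "${seen[@]}"
load_with_comment_callback
printf 'comment callback saw: %s\n' "${seen[@]}"
is_allowed_callback record_line && echo 'record_line: accepted'
is_allowed_callback 'whoami #111' || echo 'whoami #111: rejected'
```

Whoever supplies the `-C` argument already runs code in the calling shell, so the check belongs wherever that argument is assembled from configuration or other input.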