On Mon, Jun 10, 2013 at 10:23:10AM -0400, Chris F.A. Johnson wrote:
> On Mon, 10 Jun 2013, Chris Down wrote:
>
> >Enjoy your arbitrary command execution.
>
> Can you give me an example, using the code I posted, where that would
> happen?
> >On 10 Jun 2013 14:15, "Chris F.A. Johnson" <ch...@cfajohnson.com> wrote:
> >>eval "array=( \"\${$1[@]}\" )"

imadev:~$ foobar() { set -x; eval "array=( \"\${$1[@]}\" )"; }
imadev:~$ foobar 'a}"); date; b=("${q'
+ foobar 'a}"); date; b=("${q'
+ set -x
+ eval 'array=( "${a}"); date; b=("${q[@]}" )'
++ array=("${a}")
++ date
Mon Jun 10 10:31:41 EDT 2013
++ b=("${q[@]}")

A really clever attack wouldn't leave those extra variables lying around,
either. I stopped at "working" and didn't spend the extra time for
"clever".
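
An added example, not part of the original message or the thread's code: the same eval guarded by an allow-list check on the name passed in $1, so the argument from the session above is refused before eval ever parses it. The function name copy_array_checked and the sample array are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. copy_array_checked is a
# hypothetical name; it copies the array named by $1 into the global "array".
copy_array_checked() {
    # Allow-list check: $1 must be exactly one shell identifier. Anything
    # else (quotes, braces, semicolons, spaces, newlines, empty) is refused
    # before it can become part of the string that eval parses.
    case $1 in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
            printf 'copy_array_checked: invalid array name: %q\n' "$1" >&2
            return 1
            ;;
    esac
    # Same eval as in the thread; $1 is now known to be a bare name.
    eval "array=( \"\${$1[@]}\" )"
}

# Constructed sample data.
fruits=("red apple" "green pear" "*")
array=()

# Legitimate use: elements are copied intact, with no word splitting or globbing.
copy_array_checked fruits && printf 'copied %d elements\n' "${#array[@]}"

# The argument from the session above is refused, so "date" is never run
# and the previous contents of "array" are left alone.
copy_array_checked 'a}"); date; b=("${q' ||
    echo "rejected, array still has ${#array[@]} elements"
```

The check has to run before the string is built for eval; quoting $1 differently inside the eval string does not help, because the value is spliced into the parameter expansion itself.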