On Sat, Sep 14, 2024 at 19:46:21 +0800, ~ via Bug reports for the GNU Bourne Again SHell wrote:
> Dear bug-bash team:
> I hope this email finds you well. During my recent security
> assessment of bash, I identified a potential security vulnerability that I
> believe may impact the security of your product and its users.
> Here are the details:
> 1. mapfile -C xxx will call run_callback
> 2. evil "execstr" parameter passing causes RCE
> mapfile.def
>
> for example in bash shell:
> echo -e "line1\nline2\nline3\nline4\nline5\nline6\nline7\nline8\nline9\nline10" > test.txt
> mapfile -t -C "whoami #111" -c 5 my_array < test.txt
>
> I want to assign a CVE ID to the vulnerability

What vulnerability?

If you use an option that passes a command to be evaluated, and then that command gets evaluated, it's working as you requested. If you don't want mapfile to run a callback after reading items, then don't use the callback option.

Also, please stop posting in HTML. Your message is difficult to read.
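
Since `mapfile -C` evaluates whatever string it is given, a script that lets callers choose the callback should accept only the name of a function it defines itself. The following is an added example, not part of the thread or of bash's sources; `record_progress`, `read_lines_with_callback` and `make_sample` are hypothetical names, and bash 4.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumes bash 4.1+, where mapfile -C
# passes both the index and the line to the callback.

# Callback defined by the script itself. mapfile appends two arguments:
# the index of the next array element and the line about to be stored.
CALLBACK_LOG=()
record_progress() {
    CALLBACK_LOG+=("$1:$2")
}

# Hypothetical wrapper: the caller supplies a callback *name*, never a
# command string. Anything that is not a bare identifier naming a function
# defined in this shell is refused before it can reach mapfile's eval.
read_lines_with_callback() {
    local cb=$1 quantum=$2 file=$3
    [[ $cb =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || return 2   # not an identifier
    declare -F "$cb" > /dev/null || return 3             # not a known function
    [[ $quantum =~ ^[1-9][0-9]*$ ]] || return 4          # not a positive count
    CALLBACK_LOG=()
    mapfile -t -C "$cb" -c "$quantum" LINES < "$file"
}

# Constructed sample input: ten lines, as in the report.
make_sample() {
    local f
    f=$(mktemp) || return 1
    printf 'line%d\n' 1 2 3 4 5 6 7 8 9 10 > "$f"
    printf '%s\n' "$f"
}

demo() {
    local f rc=0
    f=$(make_sample) || return 1
    read_lines_with_callback record_progress 5 "$f"
    printf 'lines read: %d, callback calls: %s\n' "${#LINES[@]}" "${CALLBACK_LOG[*]}"
    # The string from the report is refused instead of being evaluated.
    read_lines_with_callback 'whoami #111' 5 "$f" || rc=$?
    printf 'command string refused with status %d\n' "$rc"
    rm -f -- "$f"
}
demo
```

The callback runs after each fifth line is read and before that line is assigned, so it sees the index of the element about to be stored.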