On 9/14/24 7:46 AM, ~ via Bug reports for the GNU Bourne Again SHell wrote:
Dear bug-bash team: I hope this email finds you well. During my recent security assessment of bash, I identified a potential security vulnerability that I believe may impact the security of your product and its users.
Thanks for the note. You have not yet identified a security vulnerability.
1、mapfile -C xxx will call run_callback 2、evil "execstr" parameter passing causes rce mapfile.def for example in bash shell: echo -e "line1\nline2\nline3\nline4\nline5\nline6\nline7\nline8\nline9\nline10" > test.txt mapfile -t -C "whoami #111" -c 5 my_array < test.txt
This is how the mapfile callback is intended to work.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/
OpenPGP_signature.asc
Description: OpenPGP digital signature
