severity 95430 normal quit On Mon, Apr 30, 2001 at 07:48:07PM -0700, Zack Weinberg wrote: > severity 95430 critical > quit > > I can keep this up just as long as you can.
Everyone around here knows that I just love this game. > > > (tests) ... except that ash does honor IFS from the environment. You > > > realize that this is a gaping security hole, even if IFS is only used > > > to split the results of expansion? You realize that it is trivial to > > > break any shell script on the entire machine that way? > > > > Get a clue, Linux does not allow setuid scripts. > > Irrelevant. Look up IFS in a bugtraq archive. > I shan't do your homework for you. I did. And guess what, I didn't find one single exploit regarding this on Linux. Interestingly, I found one exploit that relied on IFS to be set to work. > > You're the one who doesn't get it. If you are writing shell functions > > and you need to save the IFS, then you need to save it properly. > > You don't seem to comprehend the difference between shell *functions* > and shell *scripts*. Sorry I misread one of your messages. In any case, your script is still broken. I'm only working around this because a related autoconf breakage (#95447) is very widespread. -- Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
