"<kurahaupo> [22:16:18] phillip: anything on Woolledge's Wiki can be assumed to be known to Chet, yes <kurahaupo> phillip: the loop reference problem is potentially fixable; the code-in-referents is not, at least not without breaking existing code somewhere, which is a no-no" I reported this here, so that someone maybe checks if this bug, can influence ubuntu's security.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1411318 Title: arbitrary code execution Status in bash package in Ubuntu: Confirmed Bug description: "The problem with bash's name references Bash 4.3 introduced declare -n ("name references") to mimic Korn shell's nameref feature, which permits variables to hold references to other variables (..). Unfortunately, the implementation used in Bash has some issues. {…} Bash's name reference implementation still allows arbitrary code execution: $ foo() { declare -n var=$1; echo "$var"; } $ foo 'x[i=$(date)]' bash: i=Thu Mar 27 16:34:09 EDT 2014: syntax error in expression (error token is "Mar 27 16:34:09 EDT 2014") It's not an elegant example, but you can clearly see that the date command was actually executed. This is not at all what one wants." source: http://mywiki.wooledge.org/BashFAQ/048 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1411318/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
