summaryrefslogtreecommitdiff
path: root/libbb/human_readable.c
diff options
context:
space:
mode:
authorEric Andersen2004-09-02 23:13:10 +0000
committerEric Andersen2004-09-02 23:13:10 +0000
commitfd7a4c8c2887187e901809d89997deefb8b99d97 (patch)
tree70ea04a5934546b070f3e0c403629fe4da7aa444 /libbb/human_readable.c
parent7b08cdd98cdf99b0d2bd622566e9288d44b17529 (diff)
downloadbusybox-fd7a4c8c2887187e901809d89997deefb8b99d97.zip
busybox-fd7a4c8c2887187e901809d89997deefb8b99d97.tar.gz
Jonas Holmberg from axis dot com writes:
This patch makes msh handle variable expansion within backticks more correctly. Current behaviour (wrong): -------------------------- BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands. $ A='`echo hello`' $ echo $A `echo hello` $ echo `echo $A` hello $ New behaviour (correct): ------------------------ BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands. $ A='`echo hello`' $ echo $A `echo hello` $ echo `echo $A` `echo hello` $ The current behaviour (wrong according to standards) was actually my fault. msh handles backticks by executing a subshell (which makes it work on MMU-less systems). Executing a subshell makes it hard to only expand variables once in the parent. Therefore I export all variables that will be expanded within the backticks and let the subshell handle the expansion instead. The bug was found while searching for security leaks in CGI-scripts. Current behaviour of msh makes it easy to expand backticks by mistake in $QUERY_STRING. I recommend appling the patch before release of bb 1.00. /Jonas
Diffstat (limited to 'libbb/human_readable.c')
0 files changed, 0 insertions, 0 deletions