diff options
author | Eric Andersen | 2004-09-02 23:13:10 +0000 |
---|---|---|
committer | Eric Andersen | 2004-09-02 23:13:10 +0000 |
commit | fd7a4c8c2887187e901809d89997deefb8b99d97 (patch) | |
tree | 70ea04a5934546b070f3e0c403629fe4da7aa444 /libbb/module_syscalls.c | |
parent | 7b08cdd98cdf99b0d2bd622566e9288d44b17529 (diff) | |
download | busybox-fd7a4c8c2887187e901809d89997deefb8b99d97.zip busybox-fd7a4c8c2887187e901809d89997deefb8b99d97.tar.gz |
Jonas Holmberg from axis dot com writes:
This patch makes msh handle variable expansion within backticks more
correctly.
Current behaviour (wrong):
--------------------------
BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
$ A='`echo hello`'
$ echo $A
`echo hello`
$ echo `echo $A`
hello
$
New behaviour (correct):
------------------------
BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
$ A='`echo hello`'
$ echo $A
`echo hello`
$ echo `echo $A`
`echo hello`
$
The current behaviour (wrong according to standards) was actually my
fault. msh handles backticks by executing a subshell (which makes it
work on MMU-less systems). Executing a subshell makes it hard to only
expand variables once in the parent. Therefore I export all variables
that will be expanded within the backticks and let the subshell handle
the expansion instead.
The bug was found while searching for security leaks in CGI-scripts.
Current behaviour of msh makes it easy to expand backticks by mistake
in $QUERY_STRING. I recommend appling the patch before release of bb
1.00.
/Jonas
Diffstat (limited to 'libbb/module_syscalls.c')
0 files changed, 0 insertions, 0 deletions