Re: Potential Bash Script Vulnerability

[Chet Ramey]

On 4/7/24 12:17 AM, admin@osrc.rip wrote:
> Hello everyone!
>
> I've attached a minimal script which shows the issue, and my recommended 
> solution.

Hi. Thanks for the report. This seems more like a case of mistmatched
expectations.

Bash tries, within reason, to read its input a command at a time, and to
leave child processes with the file pointer set to the location in a
script corresponding to the commands it's consumed. POSIX requires this
behavior if the shell is reading script input from stdin.

It seems like you expect the shell to read and buffer input (like stdio,
for instance) so that at any point it has read more input that it has
processed. This isn't unreasonable, but it's not how shells have behaved.

Not doing this file location sync isn't a solution to your theoretical
vulnerability, either. Since scripts are simply text files, you just have
to arrange to alter file contents beyond where the script has read and
buffered input data, subject to Kerin Millar's comments about not changing
the inode.

If you want the shell to read and parse an entire script before executing
any of it, the group command solution is a good one. This has the advantage
of potentially finding syntax errors before executing any commands, which
might be desirable.

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/

OpenPGP_signature.asc
Description: OpenPGP digital signature