Re: [Full-Disclosure] sh-httpd `wildcard character' vulnerability
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] sh-httpd `wildcard character' vulnerability
- From: Thomas Binder <full-disclosure@arago.de>
- Date: Mon, 27 Oct 2003 17:40:26 +0100
Hi!
On Mon, Oct 27, 2003 at 10:42:45PM +0800, dong-h0un U wrote:
> [...]
> bname() {
> local IFS='/'
> - set -- $1
> + set -- "$1"
> eval rc="\$$#"
> [ "$rc" = "" ] && eval rc="\$$(($# - 1))"
> echo "$rc"
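
Review bot: the quoting in `set -- "$1"` suppresses field splitting as well as pathname expansion, so with IFS='/' the whole path stays a single positional parameter, `$#` is always 1, and `eval rc="\$$#"` returns the full path instead of its last component. Keep the expansion unquoted and switch globbing off around it (`set -f` before, `set +f` after). Separately, `eval rc="\$$#"` expands to `$10` once there are ten or more fields, which the shell reads as `${1}0`; `\${$#}` avoids that.
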
Mhmm, doesn't that break things, as $# will always be 1 if you do

  set -- "$some_variable"

no matter how many instances of $IFS there are in $some_variable:

  $ foo="/a/b/c/d"
  $ IFS='/'
  $ set -- "$foo"
  $ echo $#
  1
  $ echo "$1"
  a/b/c/d

Actually, $# should be 4 and $1 should be "a".

I'd rather suggest using

  set -f
  set -- $some_variable
  set +f

to disable wildcard expansion for the set-statement:

  $ foo="/var/tmp/*"
  $ IFS='/'
  $ set -f
  $ set $foo
  $ set +f
  $ echo $#
  3
  $ echo "1: $2, 2: $2, 3: $3"
  1: tmp, 2: tmp, 3: *

Ciao
Thomas
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
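
The three variants discussed in this thread, side by side, as an added example that is not code from the original posts or from sh-httpd. The function names (`bname_glob`, `bname_quoted`, `bname_noglob`, `last_field`, `make_sample_dir`) and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. ( ... ) bodies keep IFS and "set -f" local to each call.

# Shared tail: print the last field, or the one before it if the last is empty.
last_field() {
    [ $# -eq 0 ] && return 0
    eval "rc=\${$#}"          # braces: "$10" would be read as "${1}0"
    [ -z "$rc" ] && [ $# -gt 1 ] && eval "rc=\${$(($# - 1))}"
    printf '%s\n' "$rc"
}

# 1: line before the patch; splits on '/', then expands wildcards.
bname_glob() (
    IFS='/'
    set -- $1
    last_field "$@"
)

# 2: patched line; quoting stops globbing but also stops the splitting.
bname_quoted() (
    IFS='/'
    set -- "$1"
    last_field "$@"
)

# 3: suggestion from the reply; split on '/' with globbing switched off.
bname_noglob() (
    IFS='/'
    set -f
    set -- $1
    last_field "$@"
)

# Constructed sample: scratch directory with two files for "*" to match.
make_sample_dir() {
    d=$(mktemp -d) && : > "$d/index.html" && : > "$d/notes.txt" && printf '%s\n' "$d"
}

# Demo, run in a subshell so the caller's working directory is untouched.
(
    d=$(make_sample_dir) && cd "$d" || exit 1
    for f in bname_glob bname_quoted bname_noglob; do
        printf '%-13s -> %s\n' "$f" "$($f '/var/tmp/*')"
    done
    cd / && rm -rf "$d"
)
```

Running the function body in a subshell also avoids the unconditional `set +f`, which would re-enable globbing for a caller that had deliberately turned it off.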