[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#95430: acknowledged by developer (Re: Bug#95430: ash: word-splitting changes break shell scripts)

> > > Get a clue, Linux does not allow setuid scripts.
> > 
> > Irrelevant.  Look up IFS in a bugtraq archive.
> > I shan't do your homework for you.
> 
> I did.  And guess what, I didn't find one single exploit regarding this
> on Linux.  Interestingly, I found one exploit that relied on IFS to be set
> to work.

Okay, I'll concede that this exploit is only theoretical on Linux at
this time.  I feel it should still be fixed.  Should a piece of
vulnerable software be written for or ported to Linux, it will then
not be exploitable.

> > > You're the one who doesn't get it.  If you are writing shell functions
> > > and you need to save the IFS, then you need to save it properly.
> > 
> > You don't seem to comprehend the difference between shell *functions*
> > and shell *scripts*.
> 
> Sorry I misread one of your messages.
> 
> In any case, your script is still broken.  I'm only working around this
> because a related autoconf breakage (#95447) is very widespread.

I stand on my assertion that the script is correct, and the shell is
buggy since it fails to follow consensus behavior.

However, as you've fixed the bug, I'll let it drop now.

zw
Reply to: