author | Denys Vlasenko <vda.linux@googlemail.com> | 2016-09-30 11:33:47 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2016-09-30 11:33:47 +0200 |
commit | b6838b520afa8346751577cd7ccbe0b906cd3a52 (patch) | |
tree | 19d82bca694392fe72cd9d4066a9fd1b1fac1a87 /archival/libarchive/decompress_gunzip.c | |
parent | a2d121cc1bb8ef391f9171bb3799e1572904d74c (diff) | |
download | busybox-b6838b520afa8346751577cd7ccbe0b906cd3a52.tar.gz |
ash: [VAR] Sanitise environment variable names on entry

Upstream commit:

Date: Sat, 25 Feb 2012 15:35:18 +0800
[VAR] Sanitise environment variable names on entry

On Tue, Feb 14, 2012 at 10:48:48AM +0000, harald@redhat.com wrote:
> "export -p" prints all environment variables, without checking if the
> environment variable is a valid dash variable name.
>
> IMHO, the only valid use case for "export -p" is to eval the output.
>
> $ eval $(export -p); echo OK
> OK
>
> Without this patch the following test does error out with:
>
> test.py:
> import os
> os.environ["test-test"]="test"
> os.environ["test_test"]="test"
> os.execv("./dash", [ './dash', '-c', 'eval $(export -p); echo OK' ])
>
> $ python test.py
> ./dash: 1: export: test-test: bad variable name
>
> Of course the results can be more evil if the environment variable
> name is crafted so that it injects valid shell code.

This patch fixes the issue by sanitising all environment variable names
upon entry into the shell.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

Diffstat (limited to 'archival/libarchive/decompress_gunzip.c')
0 files changed, 0 insertions, 0 deletions
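
An added example, not code from this commit or from BusyBox or dash: one way to filter inherited environment entries by name at shell start-up, so that an entry such as `test-test` from the report is never imported and cannot reach `export -p` output. The function names `env_entry_is_importable` and `import_environment` and the sample environment are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed helper: returns 1 if entry is "NAME=value" where NAME is a valid
 * shell variable name ([A-Za-z_][A-Za-z0-9_]*), otherwise 0. */
static int env_entry_is_importable(const char *entry)
{
    const char *p = entry;

    if (!((*p >= 'A' && *p <= 'Z') || (*p >= 'a' && *p <= 'z') || *p == '_'))
        return 0;               /* empty name, leading digit or punctuation */
    for (p++; *p != '\0' && *p != '='; p++) {
        if (!((*p >= 'A' && *p <= 'Z') || (*p >= 'a' && *p <= 'z') ||
              (*p >= '0' && *p <= '9') || *p == '_'))
            return 0;           /* '-', ';', '$', whitespace, ... */
    }
    return *p == '=';           /* an entry without '=' is not a variable */
}

/* Assumed import step: copy pointers to acceptable entries from envp into
 * out (cap slots, NULL terminator included); returns the number kept. */
static size_t import_environment(char *const envp[], const char *out[], size_t cap)
{
    size_t n = 0;

    if (cap == 0)
        return 0;
    for (; *envp != NULL && n + 1 < cap; envp++)
        if (env_entry_is_importable(*envp))
            out[n++] = *envp;
    out[n] = NULL;
    return n;
}

int main(void)
{
    /* Constructed sample environment; the first two names are from the report. */
    char *const sample[] = {
        "test-test=test", "test_test=test", "PATH=/bin",
        "bad;name=1", "1ABC=1", "=novalue", "NOEQUALS", NULL
    };
    const char *kept[8];
    size_t n = import_environment(sample, kept, 8);

    for (size_t i = 0; i < n; i++)
        printf("imported: %s\n", kept[i]);
    return 0;
}
```

The character tests are written as explicit ASCII ranges rather than `isalpha()` so the result does not depend on the process locale.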