From 46d3c1a614f11f0d40a7e73376359618ff07abcd Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sat, 25 Feb 2012 15:35:18 +0800 Subject: [VAR] Sanitise environment variable names on entry On Tue, Feb 14, 2012 at 10:48:48AM +0000, harald@redhat.com wrote: > > "export -p" prints all environment variables, without checking if the > environment variable is a valid dash variable name. > > IMHO, the only valid usecase for "export -p" is to eval the output. > > $ eval $(export -p); echo OK > OK > > Without this patch the following test does error out with: > > test.py: > import os > os.environ["test-test"]="test" > os.environ["test_test"]="test" > os.execv("./dash", [ './dash', '-c', 'eval $(export -p); echo OK' ]) > > $ python test.py > ./dash: 1: export: test-test: bad variable name > > Of course the results can be more evil, if the environment variable > name is crafted, that it injects valid shell code. This patch fixes the issue by sanitising all environment variable names upon entry into the shell. Signed-off-by: Herbert Xu --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index d1e84c9..8686332 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2012-02-25 Herbert Xu + + * Sanitise environment variable names on entry. + 2011-08-17 David S. Miller * Allow building without LINEO support. -- cgit 1.4.1