From 46d3c1a614f11f0d40a7e73376359618ff07abcd Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Sat, 25 Feb 2012 15:35:18 +0800
Subject: [VAR] Sanitise environment variable names on entry

On Tue, Feb 14, 2012 at 10:48:48AM +0000, harald@redhat.com wrote:
>
> "export -p" prints all environment variables, without checking if the
> environment variable is a valid dash variable name.
>
> IMHO, the only valid usecase for "export -p" is to eval the output.
>
> $ eval $(export -p); echo OK
> OK
>
> Without this patch the following test does error out with:
>
> test.py:
> import os
> os.environ["test-test"]="test"
> os.environ["test_test"]="test"
> os.execv("./dash", [ './dash', '-c', 'eval $(export -p); echo OK' ])
>
> $ python test.py
> ./dash: 1: export: test-test: bad variable name
>
> Of course the results can be more evil, if the environment variable
> name is crafted, that it injects valid shell code.

This patch fixes the issue by sanitising all environment variable names
upon entry into the shell.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index d1e84c9..8686332 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2012-02-25  Herbert Xu <herbert@gondor.apana.org.au>
+
+	* Sanitise environment variable names on entry.
+
 2011-08-17  David S. Miller <davem@davemloft.net>
 
 	* Allow building without LINEO support.
-- 
cgit 1.4.1