)]}' { "commit": "46d3c1a614f11f0d40a7e73376359618ff07abcd", "tree": "889c7ccdf81c2559c784158333664fa14217b344", "parents": [ "219aefc9724acc0699a9fbd48e6dda53aeff4ef8" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Sat Feb 25 15:35:18 2012 +0800" }, "committer": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Sat Feb 25 15:35:18 2012 +0800" }, "message": "[VAR] Sanitise environment variable names on entry\n\nOn Tue, Feb 14, 2012 at 10:48:48AM +0000, harald@redhat.com wrote:\n\u003e \n\u003e \"export -p\" prints all environment variables, without checking if the\n\u003e environment variable is a valid dash variable name.\n\u003e \n\u003e IMHO, the only valid usecase for \"export -p\" is to eval the output.\n\u003e \n\u003e $ eval $(export -p); echo OK\n\u003e OK\n\u003e \n\u003e Without this patch the following test does error out with:\n\u003e \n\u003e test.py:\n\u003e import os\n\u003e os.environ[\"test-test\"]\u003d\"test\"\n\u003e os.environ[\"test_test\"]\u003d\"test\"\n\u003e os.execv(\"./dash\", [ \u0027./dash\u0027, \u0027-c\u0027, \u0027eval $(export -p); echo OK\u0027 ])\n\u003e \n\u003e $ python test.py\n\u003e ./dash: 1: export: test-test: bad variable name\n\u003e \n\u003e Of course the results can be more evil, if the environment variable\n\u003e name is crafted, that it injects valid shell code.\n\nThis patch fixes the issue by sanitising all environment variable names\nupon entry into the shell.\n\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "d1e84c9c57b9989b018e463e9d1557907af3ba1a", "old_mode": 33188, "old_path": "ChangeLog", "new_id": "86863322cee4fd486818312b0258284efaee7e3a", "new_mode": 33188, "new_path": "ChangeLog" }, { "type": "modify", "old_id": "027beff154861e2c75e488727139d0037a9491b1", "old_mode": 33188, "old_path": "src/var.c", "new_id": "dc90249f2ad8f9acd989582f868c5abebe16af5a", "new_mode": 33188, "new_path": "src/var.c" } ] }