>>>>> "Marc" == Marc Feeley <feeley@xxxxxxxxxxxxxxxx> writes:
Marc> This is slightly off topic but...
Marc> Could someone explain to me the need for the IFS line? I read the
Marc> link to the Secure UNIX Programming FAQ, and am still puzzled.
Marc> In particular if an attacker has set IFS to "=" doesn't it mean
Marc> that the line
Marc> IFS=" "
Marc> in the script will be interpreted as
Marc> IFS " "
Marc> which doesn't solve the security hole.
I don't think so: IFS is used to split argument list expansions.
However, I've not been able to find a single current OS with a shell
that still allows exploiting this hole. (In particular, 4.4BSD, ksh,
bash, and AIX's bsh are fixed.) So it may be less confusing to just
remove mention of it.
Cheers =8-} Mike
Peace, international understanding and blah blah in general
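
Added example, not part of the original messages: a POSIX sh sketch of the point under discussion, showing that IFS splits the results of unquoted expansions while the script line `IFS=" "` is still parsed as an assignment when IFS is already "=". The function names and the sample string `a=b=c` are constructed for illustration; the last function relies on POSIX requiring the shell to reset IFS when it is invoked.

```shell
#!/bin/sh
# Added illustration; function names and sample values are constructed.

# Number of fields an UNQUOTED expansion of $2 yields when IFS is $1.
count_fields() (
    IFS=$1
    set -f              # disable globbing so only field splitting is observed
    set -- $2           # unquoted on purpose: this is where IFS applies
    echo "$#"
)

# Same expansion, quoted: never field-split, whatever IFS holds.
count_fields_quoted() (
    IFS=$1
    set -- "$2"
    echo "$#"
)

# With IFS already "=", the literal line IFS=" " is recognised as an
# assignment by the shell grammar; it is not split into: IFS " "
assign_under_equals_ifs() (
    IFS='='
    IFS=" "
    printf '%s' "$IFS"
)

# Export IFS="=" to a child sh and count fields there. POSIX requires the
# shell to set IFS to <space><tab><newline> at invocation, so a conforming
# child ignores the inherited value and reports 1 field.
count_fields_in_child() {
    IFS='=' sh -c 'set -f; set -- $1; echo "$#"' sh 'a=b=c'
}

# Hardening that costs nothing even on fixed shells: reset IFS explicitly
# at the top of a privileged script and quote every expansion.
hardened_count() (
    IFS=' 	
'                       # space, tab, newline
    set -- "$1"
    echo "$#"
)
```
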