Timeline for How many shells deep I am?
Current License: CC BY-SA 3.0
11 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 29, 2017 at 17:05 | comment | added | Pranay | @StéphaneChazelas. Yeah, I see it now. | |
| Jun 29, 2017 at 16:14 | comment | added | Stéphane Chazelas | @Pranay, it's unlikely to be a problem. If an attacker can inject any arbitrary env var, then things like PATH/LD_PRELOAD are more obvious choices, but if non-problematic variables get through, like with sudo configured without reset_env (and one can force a bash script to read ~/.bashrc by making stdin a socket for instance), then that can become a problem. That's a lot of "if"s, but something to keep at the back of one's mind (unsanitized data in arithmetic context is dangerous) | |
| Jun 29, 2017 at 16:02 | comment | added | Pranay | @StéphaneChazelas, I did not know about command injection this way. But, if the environment is not trusted, and the exploit already has the ability to inject env-variables, why would it need to exploit me? I get the technical possibility of this happening, but not the need, because the attacker already seems to control the machine. | |
| Jun 29, 2017 at 10:20 | comment | added | Stéphane Chazelas | Also note that using environment variables in arithmetic expressions amounts to a command injection vulnerability in cases where the environment is not trusted. Try VILVL='psvar[0echo Oops>&2]' "$SHELL" -c '((VILVL++))' for instance. So you may want to check that those variables are only decimal integers first. | |
| Jun 28, 2017 at 22:32 | comment | added | Stéphane Chazelas | About SHLVL and (possibly implicit) exec, see lists.gnu.org/archive/html/bug-bash/2016-09/msg00000.html zsh.org/mla/workers/2016/msg01574.html bugs.gw.com/view.php?id=572 | |
| Jun 28, 2017 at 22:29 | comment | added | Stéphane Chazelas | Note that dash has arithmetic expansion. SHELL_LEVEL=$((SHELL_LEVEL + 1)) should be enough even if $SHELL_LEVEL was previously unset or empty. It's only if you had to be portable to the Bourne shell that you'd need to resort to expr, but then you'd also need to replace $(...) with `..`. SHELL_LEVEL=`expr "${SHELL_LEVEL:-0}" + 1` | |
| Jun 28, 2017 at 22:29 | comment | added | Pranay | Your approach is amazing and you are using only the primitives which means including this in my .profile/.shellrc would not break anything. I pull those on any machine I work on. | |
| Jun 28, 2017 at 22:23 | comment | added | Pranay | This answer is perfect. I have marked this as the solution (unfortunately it does not have that many votes yet). | |
| Jun 28, 2017 at 22:22 | vote | accept | Pranay | ||
| Jun 28, 2017 at 22:16 | comment | added | Scott - Слава Україні | I’m somewhat puzzled that so many answers suggest executing an external executable program, like ps or pstree, when you can do this with shell builtins. | |
| Jun 28, 2017 at 22:15 | history | answered | Scott - Слава Україні | CC BY-SA 3.0 |