Bug 17179
Summary: | security problem with mgetty | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | mal |
Component: | mgetty | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | gert |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2000-09-01 16:28:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
mal
2000-09-01 15:17:14 UTC
Non-Problem. When assigning variables with blanks in them, NO QUOTES ARE NEEDED. $ a="a b c d" $ echo $a a b c d $ b=$a $ echo $b a b c d -> no problem here, even though $a contains whitespace. (Besides, the bug report mixes wildly different types of scripts - new_fax and coverpg are used in different surroundings. If a user calls coverpg with broken environment variables, and it executes arbitrary programs with his access rights - so what, he can execute them anyway) White spaces are OK, but line feed (as I mentioned in the report) and some other symbols are not example: ---- file x a="`echo -e \"A\nB\"`"; if [ $a == "x" ]; then echo Y else echo N fi ------ sh x x: [: too many arguments N if you replace if [ $a == "x" ]; then to if [ "$a" == "x" ]; then everything is fine sh x N This type of behavior exactly specified in bash manual |