|
From: | Sebastian |
Subject: | bug#24276: head without pipline is not reading complete STDIN, resulting in unwilling and unexpected command execution |
Date: | Sat, 20 Aug 2016 23:01:07 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2 |
hi, while comparing my rewrite in google go of coreutils i noticed that head without pipeline is not reading complete STDIN: > head -c 2 enter: > asdf press return this results in printing "as" and execution of the df command. thats highly unexpected and probably a good example for a variant of WYSINWYC (What you see is not what you copy)*. someone might even come up with a not harmful looking code, that is harmful (heredoc?). > head --version > head (GNU coreutils) 8.25 > bash --version > GNU bash, version 4.3.46(1)-release (x86_64-suse-linux-gnu) > uname -o > GNU/Linux > printfile /etc/os-release > NAME=openSUSE > VERSION="Tumbleweed" > VERSION_ID="20160811" > PRETTY_NAME="openSUSE Tumbleweed (20160811) (x86_64)" > ID=opensuse > ANSI_COLOR="0;32" > CPE_NAME="cpe:/o:opensuse:opensuse:20160811" > BUG_REPORT_URL="https://bugs.opensuse.org" > HOME_URL="https://www.opensuse.org/" * http://www.ush.it/team/ascii/hack-tricks_253C_CCC2008/wysinwyc/what_you_see_is_not_what_you_copy.txt -- Sebastian Kratz @ProhtMeyhet
[Prev in Thread] | Current Thread | [Next in Thread] |