touch-packages team mailing list archive

[Bug 1516300] Re: dash command variable assignments remain in the shell after command execution completed

 

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dash in Ubuntu.
https://bugs.launchpad.net/bugs/1516300

Title:
  dash command variable assignments remain in the shell after command
  execution completed

Status in dash package in Ubuntu:
  New

Bug description:
  If a shell function is invoked with variable assignments preceding it,
  the assignments remain in the shell after the command execution
  completed. This is unexpected behavior and might be a potential
  security issue, since it allows modifying the user environment in a
  subtle, unexpected way. For example, consider the following commands
  that shouldn't change the SHELL value outside function foo, yet it
  does in Ubuntu 14.04:

  echo $SHELL # check our default shell, gives /bin/bash

  foo () { printenv | grep SHELL; } # no side effects, can be anything
  SHELL=/bin/sh foo

  echo $SHELL # now gives /bin/sh, but expected to give /bin/bash as before

  I checked bash and zsh, none of them have this problem. sh in FreeBSD
  and Debian handle this case correctly. So far, it seems the issue is
  limited to Ubuntu dash.

  lsb_release -rd
  Description:	Ubuntu 14.04.3 LTS
  Release:	14.04

  apt-cache policy dash
  dash:
    Installed: 0.5.7-4ubuntu1
    Candidate: 0.5.7-4ubuntu1
    Version table:
   *** 0.5.7-4ubuntu1 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dash/+bug/1516300/+subscriptions
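
One way to check each installed shell for the behaviour reported above, as an added example that is not part of the original bug report. The names probe, audit_shells and PROBE_VAR are made up for this sketch, and the external-utility case is included only as a control that should never leak.

```shell
#!/bin/sh
# Added example: report whether a shell keeps a prefix assignment after the
# command returns. PROBE_VAR, probe() and audit_shells() are hypothetical names.

# probe SHELL KIND -> prints "leaks", "clean" or "absent"
#   KIND=function : assignment precedes a shell function call (the reported case)
#   KIND=external : assignment precedes an external utility (control case)
probe() {
    shell=$1 kind=$2
    command -v "$shell" >/dev/null 2>&1 || { echo absent; return 0; }
    case $kind in
        function) call='f' ;;
        external) call='env' ;;
        *) echo "unknown kind: $kind" >&2; return 2 ;;
    esac
    # The child shell starts with PROBE_VAR=original, runs the call with a
    # temporary PROBE_VAR=changed in front of it, then prints what it sees.
    result=$(PROBE_VAR=original "$shell" -c '
        f() { :; }
        PROBE_VAR=changed '"$call"' >/dev/null
        printf %s "$PROBE_VAR"
    ' 2>/dev/null)
    case $result in
        original) echo clean ;;
        changed)  echo leaks ;;
        *)        echo "unexpected:$result" ;;
    esac
}

# Print one line per shell so the function case can be compared to the control.
audit_shells() {
    for s in "$@"; do
        printf '%-12s function=%s external=%s\n' "$s" \
            "$(probe "$s" function)" "$(probe "$s" external)"
    done
}

audit_shells sh dash bash zsh
```

A shell that prints function=leaks carries the temporary value into everything run afterwards in the same script, so scripts that rely on `VAR=value func` being scoped to the call should save and restore the variable or run the function in a subshell.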