Created by: cuonglm
Missing double quotes shell variable in scalar context can lead to many security implication.
In bashhub.sh, bashhub got the BH_DEPS_DIRECTORY from shell environment:
BH_DEPS_DIRECTORY=${BH_DEPS_DIRECTORY:=$BH_HOME_DIRECTORY/deps}Then many places use it without double quote. At least it made the user can not use directory with space in name as BH_DEPS_DIRECTORY.
A more dangerous example:
$ cp -r .bashhub/deps /tmp/'dir with space'
$ echo 'echo QWERT' > /tmp/dirNow if user set:
export BH_DEPS_DIRECTORY=/tmp/dir\ with\ space/
### Bashhub.com Installation.
### This Should be at the EOF. https://bashhub.com/docs
if [ -f ~/.bashhub/bashhub.sh ]; then
source ~/.bashhub/bashhub.sh
fiAnyone in system can made the user source the file they want by creating file named /tmp/dir.