Created by: cuonglm
Missing double quotes around a shell variable in scalar context can lead to many security implications.

In bashhub.sh, bashhub gets the BH_DEPS_DIRECTORY from the shell environment:

```sh
BH_DEPS_DIRECTORY=${BH_DEPS_DIRECTORY:=$BH_HOME_DIRECTORY/deps}
```

Then many places use it without double quotes. At the very least, this means the user cannot use a directory with a space in its name as BH_DEPS_DIRECTORY.

A more dangerous example:

```sh
$ cp -r .bashhub/deps /tmp/'dir with space'
$ echo 'echo QWERT' > /tmp/dir
```

Now if the user sets:

```sh
export BH_DEPS_DIRECTORY=/tmp/dir\ with\ space/
```

```sh
### Bashhub.com Installation.
### This Should be at the EOF. https://bashhub.com/docs
if [ -f ~/.bashhub/bashhub.sh ]; then
source ~/.bashhub/bashhub.sh
fi
```

Anyone on the system can make the user source the file they want by creating a file named /tmp/dir.
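The word-splitting failure described in this report, as an added example that is not bashhub's code: the unquoted `source $VAR/...` pattern beside its quoted fix, run against a constructed directory layout under `mktemp` (the `dir with space` directory and the sibling `dir` file stand in for the report's `/tmp/dir with space/` and `/tmp/dir`; nothing outside the temp directory is touched).

```shell
#!/bin/sh
# Added example, not bashhub's code. Builds a constructed fixture: a deps
# directory whose name contains a space, plus a sibling file whose name is
# the first word of that path (the report's /tmp/dir). Prints the temp root.
setup_fixture() {
    work=$(mktemp -d)
    mkdir -p "$work/dir with space"
    echo 'RESULT=correct-deps-file' > "$work/dir with space/lib.sh"
    echo 'RESULT=wrong-file-sourced' > "$work/dir"   # stand-in for /tmp/dir
    echo "$work"
}

# Vulnerable pattern (as in the report): the unquoted expansion is split on
# whitespace into three arguments, so the shell sources "$1/dir" and treats
# "with" and "space/lib.sh" as positional parameters.
load_unquoted() {
    deps="$1/dir with space"
    RESULT=unset
    . $deps/lib.sh    # deliberately unquoted to reproduce the bug
    echo "$RESULT"
}

# Hardened pattern: double quotes keep the path as a single argument, so the
# intended lib.sh inside the deps directory is sourced.
load_quoted() {
    deps="$1/dir with space"
    RESULT=unset
    . "$deps/lib.sh"
    echo "$RESULT"
}

# How many arguments an unquoted expansion of a value turns into.
count_words() {
    set -- $1          # deliberately unquoted: this is the splitting under test
    echo "$#"
}

# Walk through both variants on the fixture and clean up.
demo() {
    root=$(setup_fixture)
    echo "unquoted source loaded: $(load_unquoted "$root")"
    echo "quoted source loaded:   $(load_quoted "$root")"
    echo "words in unquoted path: $(count_words "$root/dir with space")"
    rm -rf "$root"
}

demo
```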