[Git-commits] [grml/grml-etc-core] 38a1b6: Handle volatile characters in prompts with prompts...

Frank Terbeck ft at grml.org
Sat Mar 25 17:47:47 CET 2017


  Branch: refs/heads/master
  Home:   https://github.com/grml/grml-etc-core
  Commit: 38a1b613f10a162812ce91075bdf3ec102126dc1
      https://github.com/grml/grml-etc-core/commit/38a1b613f10a162812ce91075bdf3ec102126dc1
  Author: Frank Terbeck <ft at grml.org>
  Date:   2017-03-25 (Sat, 25 Mar 2017)

  Changed paths:
    M etc/zsh/zshrc

  Log Message:
  -----------
  Handle volatile characters in prompts with promptsubst set

We don't set that option, but users may do it in .zshrc.local or similar.

The issue is that performing expansions on a prompt string is an exploitable
vulnerability, if you do not contol every part the prompt string is made up of.

This is what is demonstrated by

  https://github.com/njhartwell/pw3nage

Per default, the code strips [$`] from a final prompt string, so you can't
really take advantage of prompt subst, even though you have it set. If the
prompt_subst option is not set, the code does not kick in at all.

If you want more control over which parts of the prompt are stripped, so you
can take control of prompt_subst, you can do that as well.  Here's an example
that only strips the data returned from vcs_info:

  zstyle ':prompt:grml:*:items:vcs' strip-sensitive-characters on
  zstyle ':prompt:grml:*:setup' strip-sensitive-characters off

Now you can take advantage of prompt_subst in privately defined tokens (even
though I'd use a token that calls a function callback instead of inserting a
string that relies on prompt_subst — but that's just me).

Reported-by: Joerg Jaspert <joerg at debian.org>




More information about the Git-commits mailing list