GNU bug report logs - #24276
head without pipline is not reading complete STDIN, resulting in unwilling and unexpected command execution

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Sebastian <sebastian <at> ifyouwantblood.de>
Subject: bug#24276: closed (Re: bug#24276: head without pipline is not
 reading complete STDIN, resulting in unwilling and unexpected command
 execution)
Date: Sun, 21 Aug 2016 00:13:01 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#24276: head without pipline is not reading complete STDIN, resulting in unwilling and unexpected command execution

which was filed against the coreutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 24276 <at> debbugs.gnu.org.

-- 
24276: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=24276
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Sebastian <sebastian <at> ifyouwantblood.de>, 24276-done <at> debbugs.gnu.org
Subject: Re: bug#24276: head without pipline is not reading complete STDIN,
 resulting in unwilling and unexpected command execution
Date: Sat, 20 Aug 2016 17:12:36 -0700

This is not a bug. It's quite OK for 'head' to read just as much input as is 
required, and to not bother to read the rest of input. In fact, POSIX requires 
this behavior if standard input is a seekable file. See:

http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap01.html

and look for "seekable input".

[Message part 3 (message/rfc822, inline)]

From: Sebastian <sebastian <at> ifyouwantblood.de>
To: bug-coreutils <at> gnu.org
Subject: head without pipline is not reading complete STDIN, resulting in
 unwilling and unexpected command execution
Date: Sat, 20 Aug 2016 23:01:07 +0200

hi,

while comparing my rewrite in google go of coreutils i noticed that head without pipeline
is not reading complete STDIN:

> head -c 2

enter:

> asdf

press return

this results in printing "as" and execution of the df command. thats highly unexpected and 
probably a good example for a variant of WYSINWYC (What you see is not what you copy)*.
someone might even come up with a not harmful looking code, that is harmful (heredoc?).

> head --version
> head (GNU coreutils) 8.25

> bash --version
> GNU bash, version 4.3.46(1)-release (x86_64-suse-linux-gnu)

> uname -o
> GNU/Linux

> printfile /etc/os-release
> NAME=openSUSE
> VERSION="Tumbleweed"
> VERSION_ID="20160811"
> PRETTY_NAME="openSUSE Tumbleweed (20160811) (x86_64)"
> ID=opensuse
> ANSI_COLOR="0;32"
> CPE_NAME="cpe:/o:opensuse:opensuse:20160811"
> BUG_REPORT_URL="https://bugs.opensuse.org"
> HOME_URL="https://www.opensuse.org/"

* http://www.ush.it/team/ascii/hack-tricks_253C_CCC2008/wysinwyc/what_you_see_is_not_what_you_copy.txt

-- 
Sebastian Kratz
@ProhtMeyhet

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.