ksh incorrectly rewrites argv
Issue
- `ksh` incorrectly rewrites argv. The complete reproducer steps:
For Server :
1. Create files as follows.
[root@example ~]# cat /bin/psg
#!/bin/ksh -p
ENV=; PATH=/bin; ps -ef | grep -i "$@" | grep -v -e grep -e ${0##*/}
2. Set the default shell as /bin/ksh for some user
[root@example ~]# usermod -s /bin/ksh root
3. Create files as follows.
[root@example ~]# touch aaaa aaaaa
[root@example ~]# ls aaaa aaaaa
aaaa aaaaa
[root@example ~]# ls -l aaaa aaaaa
-rw-r--r-- 1 root root 0 Dec 12 09:41 aaaa
-rw-r--r-- 1 root root 0 Dec 12 09:41 aaaaa
4. Put some data in those and make them executable
[root@example ~]# echo cat > aaaa
[root@example ~]# echo cat > aaaaa
[root@example ~]# cat aaaa
cat
[root@example ~]# cat aaaaa
cat
[root@example ~]# chmod u+x aaaa aaaaa
[root@example ~]# ls -l aaaa aaaaa
-rwxr--r-- 1 root root 4 Dec 12 09:43 aaaa
-rwxr--r-- 1 root root 4 Dec 12 09:43 aaaaa
For Client:
[test@test 7]$ ssh root@192.168.0.1 -nx cat /bin/psg
root@192.168.0.1's password:
#!/bin/ksh -p
ENV=; PATH=/bin; ps -ef | grep -i "$@" | grep -v -e grep -e ${0##*/}
[test@test 7]$ ssh root@192.168.0.1 -nx echo \$SHELL
root@192.168.0.1's password:
/bin/bash
[test@test 7]$ ssh root@192.168.0.1 -nx echo \$SHELL
root@192.168.0.1's password:
/bin/ksh
[test@test 7]$ ssh root@192.168.0.1 -nx ls -l aaaa aaaaa
root@192.168.0.1's password:
-rw-r--r-- 1 root root 0 Dec 12 09:41 aaaa
-rw-r--r-- 1 root root 0 Dec 12 09:41 aaaaa
[test@test 7]$ ssh root@192.168.0.1 -nx cat aaaa aaaaa
root@192.168.0.1's password:
cat
cat
[test@test 7]$ ssh root@192.168.0.1 -nx 'psg get | ./aaaa'
root@192.168.0.1's password:
root 1497 1 0 Dec11 tty2 00:00:00 /sbin/mingetty /dev/tty2
root 1499 1 0 Dec11 tty3 00:00:00 /sbin/mingetty /dev/tty3
root 1501 1 0 Dec11 tty4 00:00:00 /sbin/mingetty /dev/tty4
root 1503 1 0 Dec11 tty5 00:00:00 /sbin/mingetty /dev/tty5
root 1505 1 0 Dec11 tty6 00:00:00 /sbin/mingetty /dev/tty6
[test@test 7]$ ssh root@192.168.0.1 -nx 'psg get | ./aaaaa'
root@192.168.0.1's password:
root 1497 1 0 Dec11 tty2 00:00:00 /sbin/mingetty /dev/tty2
root 1499 1 0 Dec11 tty3 00:00:00 /sbin/mingetty /dev/tty3
root 1501 1 0 Dec11 tty4 00:00:00 /sbin/mingetty /dev/tty4
root 1503 1 0 Dec11 tty5 00:00:00 /sbin/mingetty /dev/tty5
root 1505 1 0 Dec11 tty6 00:00:00 /sbin/mingetty /dev/tty6
root 4419 4416 0 09:46 ? 00:00:00 ./aaaaa sg get | ./aaaaa
But with absolute paths, the extra line does not appear:
[test@test 7]$ ssh root@192.168.0.1 -nx '/bin/psg get | ./aaaaa'
root@192.168.0.1's password:
root 1497 1 0 Dec11 tty2 00:00:00 /sbin/mingetty /dev/tty2
root 1499 1 0 Dec11 tty3 00:00:00 /sbin/mingetty /dev/tty3
root 1501 1 0 Dec11 tty4 00:00:00 /sbin/mingetty /dev/tty4
root 1503 1 0 Dec11 tty5 00:00:00 /sbin/mingetty /dev/tty5
root 1505 1 0 Dec11 tty6 00:00:00 /sbin/mingetty /dev/tty6
[test@test 7]$ ssh root@192.168.0.1 -nx '/bin/psg get | ./aaaa'
root@192.168.0.1's password:
root 1497 1 0 Dec11 tty2 00:00:00 /sbin/mingetty /dev/tty2
root 1499 1 0 Dec11 tty3 00:00:00 /sbin/mingetty /dev/tty3
root 1501 1 0 Dec11 tty4 00:00:00 /sbin/mingetty /dev/tty4
root 1503 1 0 Dec11 tty5 00:00:00 /sbin/mingetty /dev/tty5
root 1505 1 0 Dec11 tty6 00:00:00 /sbin/mingetty /dev/tty6
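- There is a `./aaaaa sg get` entry in there, but not when using absolute paths. The entry appears to be the remote command line `psg get | ./aaaaa` with its leading bytes overwritten by `./aaaaa`; since it no longer contains the string `psg`, the script's `grep -v -e ${0##*/}` filter does not exclude it. More generally, the command column of `ps` shows whatever argv a process currently holds, so filtering or identifying processes by that text is not reliable.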
Environment
- Red Hat Enterprise Linux (RHEL) 6.5
- ksh-20120801-10.el6