Ubuntu
bash-completion package

umount bash-completion: awk: cmd. line:8: (FILENAME=- FNR=1) fatal: invalid regexp: Unmatched ( or \(:

Bug #1904328 reported by rainer canavan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bash-completion (Ubuntu)
New
Undecided
Unassigned

Bug Description

Reproduce:

mkdir ~/a\(b
cd ~/a\(b/

then type "umount " and press tab. awk then prints:

awk: cmd. line:8: (FILENAME=- FNR=1) fatal: invalid regexp: Unmatched ( or \(: awk: cmd. line:8: (FILENAME=- FNR=1) fatal: invalid regexp: Unmatched ( or \(:

Revision history for this message
rainer canavan (canavan) wrote :

Since this appears to be an issue with insufficient quoting I' not entirely sure whether this could theoretically exploited - in the unlikely case that one can convince a privileged user to execute umount from a specifically prepared directory.

Revision history for this message
Alex Murray (alexmurray) wrote :

@canavan can you please detail which Ubuntu release you are using along with the associated version of bash-completion etc? I don't think this could be easily exploited since it requires a lot of user interaction with specific steps etc (ie make a directory with particular name and then from within the directory enter "umount " and hit TAB) - however this seems like a real bug so I think it is best to treat it as a normal bug rather than a security issue. In that case would you be happy for me to make this bug public?

Revision history for this message
rainer canavan (canavan) wrote :

I'm using Ubuntu 20.10 with bash-completion version 1:2.11-2ubuntu1.

Feel free to switch this to public, since exploitability is questionable at best.

Alex Murray (alexmurray)
information type: Private Security → Public Security
information type: Public Security → Public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.