Version: (using KDE KDE 3.5.2) Installed from: Debian testing/unstable Packages OS: Linux tom1:~# hdlock (without CR execution confirmation!), a customer script to lock the hd drives with ata-security is executed on kde logout->system shutdown and respective signals. konsole must not execute scripts or call any CR-unconfirmed commands/executables at exit signals in any case. bug severity was set to maximum cause this is a system security hazard that leaves the system in a broken state. y tom
bash version is 2.05b-26 debian stable.
I don't understand what you mean by CR confirmation. Could you explain more fully, and give the steps I would need to take to reproduce the bug?
CR=Carriage Return, Enter Key 1. open konsole 2. su to root 3. type some exe/script call like "echo shit_happens > 124960.txt" -dont press enter- 4. shutdown system with kde logout. the command written at the prompt gets executed without confirmation by enter.
Same here. Only occurs when 'su' has been used. I didn't try 'su -' though. Do you get the same problem with 'su -'?
yes: tom1:~# ls -l konsole.txt -rw-r--r-- 1 root root 5 Apr 7 08:29 konsole.txt tom1:~# grep konsole.txt .bash_history echo shit > konsole.txt tom1:~# tail .bash_history ... echo shit > konsole.txt schorpp@tom1:~$ tail .bash_history ... su - now is konsole firing the echo on signal or bash on signal? i cant see it clearly in the konsole sources. should i forward a copy of this bug to bashbugs@gnu.org just to be sure the gnu guys are investigating this too?
It seems to be a su issue. I'm getting the same when doing this on tty (without using Konsole). tty1: su or su - to root echo "BUG" > /tmp/124960.txt tty2: kill <PID of SU> cat /tmp/124960.txt1 btw: my file name in /tmp has a trailing "1" added before the echo signal is fired. Thomas, yes please forward this issue. Thanks.
i have forwarded it weeks ago to "bashbugs@gnu.org" (whatever). no answer. it seems the gnu buglists or devs do only accept bugreport messages in console bugreport-tools formats. pls some "old unix" guy should forward to gnu buglists. ;) thx
bug report forwarded to the sudo maintainer since their bugzilla on http://www.sudo.ws/ is broken.
I can't reproduce any of these examples... and not Konsole related. GNU bash, version 3.1.16(1)-release (i686-pc-linux-gnu) su: shadow-4.0.14-r1
then it was a bashbug in 2.05 debian stable. suggest "fixed" status and forward to debian security maintainer *if* You open a docked konsole in konqueror and written stuff at the prompt *doesnt* get executed on cd'ing by mouseklick to other directory on the above konqueror directory treeview.
glad it was fixed upstream