[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Axiom-developer] [off topic but read this] well, this is bad
From: |
daly |
Subject: |
[Axiom-developer] [off topic but read this] well, this is bad |
Date: |
Thu, 25 Sep 2014 07:24:07 -0500 |
try the following line on any machine you have (BASH bug)
env 'x=() { :;}; echo vulnerable' bash -c echo 'test'
if you get the string 'vulnerable' (and you will because it fails in
all versions of bash on osx and linux) then anyone anywhere can make
your machine do anything remotely.
essentially, the bug is that after defining a function bash in an
environment string will continue to execute the rest of the line which
could be anything.
for details see:
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
Tim
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Axiom-developer] [off topic but read this] well, this is bad,
daly <=