bug-bash

Environment variable of a name which is often used


From: Norihiro Tanaka
Subject: Environment variable of a name which is often used
Date: Sat, 27 Sep 2014 02:31:59 +0900

I tried 4.3.25 in order to check the details of CVE-2014-6271, and
confirmed that the bug is fixed with a test case.

Next, I tried the following case, and received the output `rm -rf /'.  It
seems that this is by design, but it's also vulnerable.

$ cat <<EOF >test.sh
#!/bin/bash
cat /dev/null
EOF

$ chmod a+x test.sh
$ env cat='() { echo rm -rf /; }' ./test.sh

The `cat' command is often used.  If we write malicious code to an
environment variable named `cat', I see that it's often run, even if not
expected.

Thanks,
Norihiro
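
A defensive counterpart to the case above, as an added example that is not part of the original message: it lists environment variables whose value begins with `() {', the form used in the post, and runs a command with them removed. The function names are hypothetical, and `env -u' is assumed to be available (GNU, BSD and BusyBox env provide it).

```shell
#!/bin/sh
# Added example: function names are hypothetical.

# Print the name of every environment variable whose value begins with
# "() {", the function-definition form used in the post. awk's ENVIRON
# array is used instead of parsing `env` output so that multi-line values
# cannot be mistaken for separate variables.
list_funcdef_vars() {
    awk 'BEGIN {
        for (name in ENVIRON)
            if (substr(ENVIRON[name], 1, 4) == "() {")
                print name
    }' | sort
}

# Run a command with those variables removed from its environment.
# The body is a subshell, so the caller's own environment is untouched.
# Assumes `env -u NAME` exists and variable names contain no whitespace.
# Usage: run_scrubbed ./test.sh
run_scrubbed() (
    set -f    # do not glob-expand variable names
    for name in $(list_funcdef_vars); do
        echo "run_scrubbed: dropping '$name'" >&2
        set -- -u "$name" "$@"
    done
    exec env "$@"
)
```

Running the post's script as `run_scrubbed ./test.sh' starts it without the `cat' variable, whatever the bash version does with such values.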



