Re: How to understand bash vulnerability?

help-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to understand bash vulnerability?

From:	Peng Yu
Subject:	Re: How to understand bash vulnerability?
Date:	Wed, 30 Dec 2020 22:11:32 -0600

> https://securityintelligence.com/articles/shellshock-vulnerability-in-depth/

Is 'env' at the beginning of the three commands necessarily? It seems
that if I remove 'env', "Bash is Infected" can still be printed on a
vulnerable bash session. So 'env' is not necessary?

I don't understand why an environment variable can be interpreted by
bash as source code. It seems to me it should be always treated as
plain text. Could anybody explain why this vulnerability was
introduced in the first place? Thanks.

> More information:
>   https://mywiki.wooledge.org/BashFAQ/111

-- 
Regards,
Peng

[Prev in Thread]

Current Thread

[Next in Thread]

How to understand bash vulnerability?, Peng Yu, 2020/12/21
- Re: How to understand bash vulnerability?, David, 2020/12/21
  - Re: How to understand bash vulnerability?, Peng Yu <=
  - Re: How to understand bash vulnerability?, Peng Yu, 2020/12/30
    - Re: How to understand bash vulnerability?, Chet Ramey, 2020/12/31

Prev by Date: How to terminate bash -i?
Next by Date: Why no closing single quote is needed when a single quote is escaped?
Previous by thread: Re: How to understand bash vulnerability?
Next by thread: Re: How to understand bash vulnerability?
Index(es):
- Date
- Thread