[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issues with exported functions
|
From: |
Greg Wooledge |
|
Subject: |
Re: Issues with exported functions |
|
Date: |
Wed, 24 Sep 2014 16:07:33 -0400 |
|
User-agent: |
Mutt/1.4.2.3i |
On Thu, Sep 25, 2014 at 03:54:19AM +0800, lolilolicon wrote:
> I think almost as severe as CVE-2014-6271 is that it's still possible to
> mask commands in a bash script by changing it's environment.
>
> For example, true='() { false;}' or grep='() { /bin/id;}' ...
I'm still waiting for someone to successfully exploit this and post
it to Chet. Or maybe someone already did, and it's being kept quiet.
Of course, this category of exploit would require a reasonable guess
about which commands a script is going to use.
- Re: Issues with exported functions, (continued)
- Re: Issues with exported functions, Ángel González, 2014/09/25
- Re: Issues with exported functions, lolilolicon, 2014/09/25
- Re: Issues with exported functions, Steve Simmons, 2014/09/25
- Re: Issues with exported functions, Chet Ramey, 2014/09/25
- Re: Issues with exported functions, Eduardo A . Bustamante López, 2014/09/25
- Re: Issues with exported functions, Ángel González, 2014/09/25
Re: Issues with exported functions, lolilolicon, 2014/09/24
Re: Issues with exported functions, Chet Ramey, 2014/09/24