Re: Environment variable of a name which is often used

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Environment variable of a name which is often used

From:	Norihiro Tanaka
Subject:	Re: Environment variable of a name which is often used
Date:	Sat, 27 Sep 2014 11:18:05 +0900

Eric Blake wrote:
> This is a known issue, but NOT necessarily a security bug.  In other
> words, it's no worse than running:
> 
> env LD_PRELOAD=... ./test.sh
> 
> with a malicious preload library.  Remember, the security aspect of
> CVE-2014-6271 is that bash does unwanted parsing of the _contents_ of an
> environment variable, and NOT that it is tied to the _name_ of the
> variable.  The exploit happens because well-known programs stick
> user-controlled contents into a name already under the program's
> control, and NOT because well-known programs are creating arbitrary
> names in the environment (that is, a vulnerable system running apache is
> NOT creating arbitrary variables, so much as sticking arbitrary contents
> into a variable named HTTP_...).

Thanks.  I understood that issue by CVE-2014-6271 is in below.

  - bash does unwanted parsing of the _contents_ of an environment variable
  - CVE-2014-6271 can be caused by any envoronment variable.

In my case, both conditions aren't filled.

[Prev in Thread]

Current Thread

[Next in Thread]

Environment variable of a name which is often used, Norihiro Tanaka, 2014/09/26
- Re: Environment variable of a name which is often used, Eric Blake, 2014/09/26
  - Re: Environment variable of a name which is often used, Norihiro Tanaka <=

Prev by Date: Re: REGRESSION: shellshock patch rejects valid function names
Next by Date: Re: REGRESSION: shellshock patch rejects valid function names
Previous by thread: Re: Environment variable of a name which is often used
Next by thread: Bash-4.3 Official Patch 26
Index(es):
- Date
- Thread