Re: Bash-4.3 Official Patch 27
From: becker . rg
Subject: Re: Bash-4.3 Official Patch 27
Date: Sun, 28 Sep 2014 09:10:51 -0700 (PDT)
User-agent: G2/1.0

On Sunday, September 28, 2014 4:38:24 PM UTC+1, beck...@gmail.com wrote:
......
> If I use the Arch Linux [testing] bash-4.3.027-1 which uses this patch
> then I have a patch against the at(1) source which converts exported
> functions into something that sh can parse and allows exported functions to
> be used in the environment that calls at.
>
.......
Jon Seymour asked me if my at patch would fix the following vulnerability
(presumably in at(1))

    echo pwd | env "/tmp/exploit=me" at tomorrow

which I presume relies on acceptance of /tmp/exploit=me as a possible command.
I'm not sure it does since the current at code writes the variable name out
unconditionally (i.e. no inspection of characters etc etc). I could probably
raise an error for bad variable names, but I'm not sure I understand what
characters are now illegal or what the lexical definition of bash/sh variable
names is now. So I would appreciate advice on that.
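
Added example, not part of the original message and not at(1)'s source: a C sketch of the check the message asks about. It uses the POSIX shell definition of a name (letters, digits and underscore from the portable character set, not starting with a digit) and only writes entries with such names into the job script, single-quoting each value. The function names `is_sh_name` and `write_job_env` are hypothetical, and skipping invalid entries rather than raising an error is an assumed policy.

```c
#include <stdio.h>
#include <string.h>

/* POSIX shell "name": [A-Za-z_][A-Za-z0-9_]*, checked over s[0..n). */
static int is_sh_name(const char *s, size_t n)
{
    if (n == 0 || (s[0] >= '0' && s[0] <= '9'))
        return 0;
    for (size_t i = 0; i < n; i++) {
        char c = s[i];
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
              (c >= '0' && c <= '9') || c == '_'))
            return 0;
    }
    return 1;
}

/* Emit "NAME='value'; export NAME" per valid entry; skip the rest.
 * Returns the number skipped, or -1 if out is too small. */
static int write_job_env(char *out, size_t cap, char *const envp[])
{
    size_t len = 0;
    int skipped = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (; *envp; envp++) {
        const char *eq = strchr(*envp, '=');
        size_t nlen = eq ? (size_t)(eq - *envp) : 0;
        if (!eq || !is_sh_name(*envp, nlen)) { skipped++; continue; }
        /* worst case: each value byte expands to 4 bytes ('\'') */
        if (2 * nlen + 4 * strlen(eq + 1) + 16 > cap - len) return -1;
        len += (size_t)sprintf(out + len, "%.*s='", (int)nlen, *envp);
        for (const char *v = eq + 1; *v; v++) {
            if (*v == '\'') { memcpy(out + len, "'\\''", 4); len += 4; }
            else out[len++] = *v;
        }
        len += (size_t)sprintf(out + len, "'; export %.*s\n", (int)nlen, *envp);
    }
    return skipped;
}

int main(void)
{
    /* constructed sample environment, not taken from a real system */
    char *const env[] = { "HOME=/home/u", "/tmp/exploit=me", "MSG=it's", NULL };
    char buf[256];
    int skipped = write_job_env(buf, sizeof buf, env);
    printf("%s# skipped %d\n", buf, skipped);
    return 0;
}
```

With this check the `/tmp/exploit=me` entry never reaches the generated script, because `/` is not a legal character in a shell variable name.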