[clug] Security talk and the bash 'shellshock' vulnerability
Carlo Hamalainen
carlo at carlo-hamalainen.net
Sat Sep 27 05:11:54 MDT 2014
Hi,
The gift that keeps on giving...
http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00211.html
$ cat <<EOF >test.sh
#!/bin/bash
cat /dev/null
EOF
$ chmod a+x test.sh
$ env cat='() { echo rm -rf /; }' ./test.sh
This will echo rm -fr /.
--
Carlo Hamalainen
http://carlo-hamalainen.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/linux/attachments/20140927/6d931747/attachment.pgp>
More information about the linux
mailing list