[clug] Security talk and the bash 'shellshock' vulnerability
Brett Worth
brett.worth at gmail.com
Sat Sep 27 05:58:22 MDT 2014
On 27/09/14 21:11, Carlo Hamalainen wrote:
> $ cat <<EOF >test.sh
> #!/bin/bash
> cat /dev/null
> EOF
>
> $ chmod a+x test.sh
> $ env cat='() { echo rm -rf /; }' ./test.sh
>
> This will echo rm -fr /.
So this is why it's a good idea to always use fully qualified paths to executables
called from shell scripts.
Brett
- --
/) _ _ _/_/ / / / _ _//
/_)/</= / / (_(_/()/< ///
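A defensive check for the behaviour discussed in this message, as an added example that is not part of the original post: it tests whether the local bash still imports a function from a plain variable named `cat` (the format in the quoted test), and compares a bare `cat` with `/bin/cat` when a function named `cat` has been exported with `export -f`. The function names, the harmless `SHADOWED` marker and the `/bin/cat` location are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Only prints a marker string;
# nothing destructive is executed.

# True if bash turns a plain environment variable named "cat" into a
# function, i.e. the pre-patch import format used in the quoted test.
# Patched bash only imports functions from BASH_FUNC_<name>%% variables.
legacy_import_honored() {
    out=$(env cat='() { echo SHADOWED; }' bash -c 'cat /dev/null' 2>/dev/null)
    [ "$out" = "SHADOWED" ]
}

# Run $1 in a child bash that has inherited a function named "cat"
# exported the supported way (export -f), and print what it outputs.
exported_fn_output() {
    CHILD_CMD=$1 bash -c \
        'cat() { echo SHADOWED; }; export -f cat; bash -c "$CHILD_CMD"' 2>/dev/null
}

# True if a bare "cat" in the child resolves to the inherited function.
bare_name_shadowed() {
    [ "$(exported_fn_output 'cat /dev/null')" = "SHADOWED" ]
}

# True if "/bin/cat" (assumed location) is replaced by a function named "cat".
absolute_path_shadowed() {
    [ "$(exported_fn_output '/bin/cat /dev/null')" = "SHADOWED" ]
}

# Report all three checks for this machine.
for check in legacy_import_honored bare_name_shadowed absolute_path_shadowed; do
    if "$check"; then echo "$check: yes"; else echo "$check: no"; fi
done
```

A "yes" for `legacy_import_honored` means the installed bash predates the 2014 fixes and should be updated; the other two checks show what the fully qualified path changes for a function named `cat`.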