[clug] Security talk and the bash 'shellshock' vulnerability
Brett Worth
brett.worth at gmail.com
Sun Sep 28 01:16:52 MDT 2014
On 27/09/14 21:11, Carlo Hamalainen wrote:
> Hi,
>
> The gift that keeps on giving...
>
> http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00211.html
>
> $ cat <<EOF >test.sh
> #!/bin/bash
> cat /dev/null
> EOF
>
> $ chmod a+x test.sh
> $ env cat='() { echo rm -rf /; }' ./test.sh
>
> This will echo rm -fr /.

This one seems to have been fixed with today's update on Ubuntu to bash-4.3-7ubuntu1.4:

brettw@diode:/tmp$ cat test.sh
#!/bin/bash
cat /etc/hostname
brettw@diode:/tmp$ env cat='() { echo Hello; }' ./test.sh
diode
brettw@diode:/tmp$

Brett
--
/) _ _ _/_/ / / / _ _//
/_)/</= / / (_(_/()/< ///
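
A defender-side version of the check discussed in this thread, as an added example that is not part of the original messages: it probes whether a given bash still imports a function from a plain-named environment variable, and lists variables in an environment dump whose values have the `() {` shape. The function names, the `shellshock_probe` variable and the sample environment are constructed for illustration.

```shell
#!/bin/bash
# Added example; function names, the probe variable and the sample
# environment are constructed for illustration.

# Succeeds (status 0) if the given bash turns a plain environment variable
# holding "() { ...; }" into a shell function, as in the quoted test.
bash_imports_env_functions() {
    bash_bin=${1:-bash}
    out=$(env shellshock_probe='() { echo IMPORTED; }' \
        "$bash_bin" -c 'shellshock_probe' 2>/dev/null) || true
    [ "$out" = "IMPORTED" ]
}

# Reads NAME=VALUE lines on stdin (e.g. `env` output) and prints the names
# whose value starts with "() {", the shape used in the test above.
# Limitation: multi-line values are treated line by line.
list_funcdef_vars() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *=*) ;;
            *) continue ;;   # not a NAME=VALUE line
        esac
        name=${line%%=*}
        value=${line#*=}
        case $value in
            "() {"*) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample environment: two suspicious entries, three benign ones.
sample_env() {
    printf '%s\n' \
        'HOME=/home/alice' \
        'cat=() { echo Hello; }' \
        'EDITOR=vi' \
        'ls=() { echo Hi; }' \
        'NOTE=text with () { inside'
}

echo "Variables shaped like function definitions:"
sample_env | list_funcdef_vars
if bash_imports_env_functions bash; then
    echo "bash imports functions from plain-named variables (update needed)"
else
    echo "bash ignores plain-named function-like variables"
fi
```
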