[OpenIndiana-discuss] Bash bug issue
Nemo
cym224 at gmail.com
Fri Sep 26 23:59:41 UTC 2014
On 26 September 2014 19:44, Saso Kiselkov <skiselkov.ml at gmail.com> wrote:
> On 9/27/14, 1:41 AM, Nemo wrote:
[...]
>> Whence does the OI bash source originate? On the bash that comes with
>> Solaris 10, the vulnerability is not present:
>>
>> [~]=> bash --version
>> GNU bash, version 3.00.16(1)-release (sparc-sun-solaris2.10)
>> Copyright (C) 2004 Free Software Foundation, Inc.
>> [~]=> env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
>> completed
>
> In general, bash != /bin/sh on either Solaris or Illumos-derived
> systems. Rerun the env test with bash instead of /bin/sh.
[~]=> echo $SHELL
/bin/bash
[~]=> env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
completed
Note that I put bash into /bin to avoid GNUisms.
N.
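
The point raised in the quoted reply, as an added example that is not part of the original message: a "completed"-only result from the probe says nothing about bash unless the binary under test really is bash. The result words and the candidate paths below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a shell binary using the probe quoted in this thread.
# Result words (illustrative names): missing, not-bash, bash-ok, vulnerable.
check_shell() {
    shell_path=$1
    [ -x "$shell_path" ] || { echo missing; return 0; }

    # Same probe as in the thread, run against the binary under test.
    out=$(env X='() { :;} ; echo busted' "$shell_path" -c 'echo completed' \
          </dev/null 2>/dev/null) || true
    case $out in
        *busted*) echo vulnerable; return 0 ;;
    esac

    # "completed" alone proves nothing unless the binary is really bash.
    # bash sets BASH_VERSION even when it is invoked under the name "sh".
    ver=$("$shell_path" -c 'echo "${BASH_VERSION:-}"' </dev/null 2>/dev/null) || true
    if [ -n "$ver" ]; then echo bash-ok; else echo not-bash; fi
}

# Candidate paths are assumptions; adjust them for the system being checked.
for candidate in /bin/sh /bin/bash /usr/bin/bash "${SHELL:-/bin/sh}"; do
    printf '%s: %s\n' "$candidate" "$(check_shell "$candidate")"
done
```

A `not-bash` result for `/bin/sh` means the probe has to be repeated against the bash binary itself before drawing a conclusion.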