[OpenIndiana-discuss] Bash bug issue
Saso Kiselkov
skiselkov.ml at gmail.com
Sat Sep 27 00:04:58 UTC 2014
On 9/27/14, 1:59 AM, Nemo wrote:
> On 26 September 2014 19:44, Saso Kiselkov <skiselkov.ml at gmail.com> wrote:
>> On 9/27/14, 1:41 AM, Nemo wrote:
> [...]
>>> Whence does the OI bash source originate? On the bash that comes with
>>> Solaris 10, the vulnerability is not present:
>>>
>>> [~]=> bash --version
>>> GNU bash, version 3.00.16(1)-release (sparc-sun-solaris2.10)
>>> Copyright (C) 2004 Free Software Foundation, Inc.
>>> [~]=> env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
>>> completed
>>
>> In general, bash != /bin/sh on either Solaris or Illumos-derived
>> systems. Rerun the env test with bash instead of /bin/sh.
>
> [~]=> echo $SHELL
> /bin/bash
> [~]=> env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
> completed
>
> Note that I put bash into /bin to avoid GNUisms.
The invoking shell is irrelevant. Here's your problem:
vvvvvvv
env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
^^^^^^^
Put bash in there and you'll get a vulnerable "busted" result.
--
Saso
More information about the openindiana-discuss
mailing list