[OpenIndiana-discuss] Bash bug issue
Nemo
cym224 at gmail.com
Sat Sep 27 14:41:56 UTC 2014
On 26 September 2014 20:04, Saso Kiselkov <skiselkov.ml at gmail.com> wrote:
> The invoking shell is irrelevant. Here's your problem:
>
> vvvvvvv
> env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
> ^^^^^^^
>
> Put bash in there and you'll get a vulnerable "busted" result.
Of course, thank you, I never noticed that I was runing /bin/sh, not /bin/bash.
Moral of the story: Neverl operate heavy machinery or shell scripts when tired.
N.
More information about the openindiana-discuss
mailing list