Date: Wed, 24 Sep 2014 23:55:45 +0400 From: gremlin@...mlin.ru To: oss-security@...ts.openwall.com Subject: Re: CVE-2014-6271: remote code execution through bash On 24-Sep-2014 21:39:37 +0200, Pierre Schweitzer wrote: > Naive question regarding statement below. Does that mean that > exec*() system calls are concerned as well (like for instance > called from a fork())? Only execve() is a system call, all other (execl, execlp, execle, execv, execvp) are just front-ends for it. And, obviously, yes - they may pass unsane environment to the executed process. > On 24/09/2014 18:23, Michal Zalewski wrote: - Because it messes up the order in which people normally read text. - Why top-posting is considered the most annoying thing in messages? -- Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru> GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.