|
Message-ID: <CABJ8ys96+Ksmg5moqacpbLdfnQOL1+XWCjpSvyFxr=99N8PuGg@mail.gmail.com> Date: Mon, 29 Sep 2014 22:58:12 +0800 From: Osmond Sun <osmond.sun@...il.com> To: Chester Ramey <chet.ramey@...e.edu> Cc: oss-security@...ts.openwall.com Subject: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) I see, Thanks Osmond 2014-09-29 22:33 GMT+08:00 Chet Ramey <chet.ramey@...e.edu>: > On 9/29/14, 9:01 AM, Osmond Sun wrote: >> I found the function parsing is still imperfect. >> e.g. $env x="() { :;}; `touch vulnerablefile`" bash -c "echo this is a test " > > If that is the command you ran, this doesn't show any vulnerability. The > double quotes surrounding the assignment to x in the argument to `env' > mean that command substitution is performed before env runs. It's the > command substitution that creates the file, so the file exists before bash > is invoked. > > Chet > -- > ``The lyf so short, the craft so long to lerne.'' - Chaucer > ``Ars longa, vita brevis'' - Hippocrates > Chet Ramey, ITS, CWRU chet@...e.edu http://cnswww.cns.cwru.edu/~chet/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.