Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABJ8ys96+Ksmg5moqacpbLdfnQOL1+XWCjpSvyFxr=99N8PuGg@mail.gmail.com>
Date: Mon, 29 Sep 2014 22:58:12 +0800
From: Osmond Sun <osmond.sun@...il.com>
To: Chester Ramey <chet.ramey@...e.edu>
Cc: oss-security@...ts.openwall.com
Subject: Re: Re: CVE-2014-6271: remote code execution through
 bash (3rd vulnerability)

I see, Thanks

Osmond

2014-09-29 22:33 GMT+08:00 Chet Ramey <chet.ramey@...e.edu>:
> On 9/29/14, 9:01 AM, Osmond Sun wrote:
>> I found the function parsing is still imperfect.
>> e.g. $env x="() { :;}; `touch vulnerablefile`" bash -c "echo this is a test "
>
> If that is the command you ran, this doesn't show any vulnerability.  The
> double quotes surrounding the assignment to x in the argument to `env'
> mean that command substitution is performed before env runs.  It's the
> command substitution that creates the file, so the file exists before bash
> is invoked.
>
> Chet
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>                  ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, ITS, CWRU    chet@...e.edu    http://cnswww.cns.cwru.edu/~chet/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.