Date: Fri, 16 Sep 2016 13:38:38 -0400 From: Jan Schaumann <jschauma@...meister.org> To: oss-security@...ts.openwall.com Cc: chet.ramey@...e.edu Subject: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME John Haxby <john.haxby@...cle.com> wrote: > A little while ago, one of our users discovered that by setting the > hostname to $(something unpleasant), bash would run "something > unpleasant" when it expanded \h in the prompt string. To clarify: this is only triggered if the hostname has been set, not the $HOSTNAME variable, right? Your subject line suggests setting $HOSTNAME would lead to command execution, which would be a vulnerability reminiscent of shellshock, but quickly glancing at the code, it looks like $HOSTNAME is only used if gethostname(3) returned an empty string? -Jan
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.