CGI::Application and recent bash security hole

Roger Bell_West roger at
Fri Sep 26 18:32:20 BST 2014

On Fri, Sep 26, 2014 at 02:11:49PM +0100, Dirk Koopman wrote:
>But not this:
>env X="() { (a)=>\\" bash -c 'date'
>bash: X: line 1: syntax error near unexpected token `='
>bash: X: line 1: `'
>bash: error importing function definition for `X'
>Fri Sep 26 14:11:23 BST 2014

Is that not functionally equivalent to

$ env X="foo bar" bash -c 'date'
Fri Sep 26 18:31:00 BST 2014

and thus working as designed?

More information about the mailing list