CGI::Application and recent bash security hole
Roger Bell_West
roger at firedrake.org
Fri Sep 26 18:32:20 BST 2014
On Fri, Sep 26, 2014 at 02:11:49PM +0100, Dirk Koopman wrote:
>But not this:
>
>env X="() { (a)=>\\" bash -c 'date'
>bash: X: line 1: syntax error near unexpected token `='
>bash: X: line 1: `'
>bash: error importing function definition for `X'
>Fri Sep 26 14:11:23 BST 2014
Is that not functionally equivalent to
$ env X="foo bar" bash -c 'date'
Fri Sep 26 18:31:00 BST 2014
and thus working as designed?
More information about the london.pm
mailing list