[Axiom-developer] [off topic but read this] well, this is bad

axiom-developer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Axiom-developer] [off topic but read this] well, this is bad

From:	daly
Subject:	[Axiom-developer] [off topic but read this] well, this is bad
Date:	Thu, 25 Sep 2014 07:24:07 -0500

try the following line on any machine you have (BASH bug)
env 'x=() { :;}; echo vulnerable' bash -c echo 'test'

if you get the string 'vulnerable' (and you will because it fails in
all versions of bash on osx and linux) then anyone anywhere can make
your machine do anything remotely.

essentially, the bug is that after defining a function bash in an
environment string will continue to execute the rest of the line which
could be anything.

for details see:
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

Tim

[Prev in Thread]

Current Thread

[Next in Thread]

[Axiom-developer] [off topic but read this] well, this is bad, daly <=

Prev by Date: Re: [Axiom-developer] Server goes OOM when
Previous by thread: Re: [Axiom-developer] Server goes OOM when
Index(es):
- Date
- Thread