Shellshock: how does it actually work?
Ian Malone
ibmalone at gmail.com
Fri Sep 26 09:36:07 UTC 2014
On 26 September 2014 05:51, Doug <dmcgarrett at optonline.net> wrote:
> On 09/25/2014 11:50 PM, Matthew Miller wrote:
>> http://fedoramagazine.org/shellshock-how-does-it-actually-work/
>>
>> My attempt to explain this in some satisfying detail, but also in an
>> understandable way. Let me know how that went. :)
>>
> Your test doesn't work on pclos kde 32:
>
> [root at linux1 doug]# env x='() { :;}; echo OOPS' bash -c :
> bash: warning: x: ignoring function definition attempt
> bash: error importing function definition for `x'
>
The test works, you're looking at a shell patched to some degree (the
'ignoring function definition attempt' bit). Though it seems some of
the earlier patches don't cover all cases.
--
imalone
http://ibmalone.blogspot.co.uk
More information about the users
mailing list