Shellshock: how does it actually work?

Patrick O'Callaghan pocallaghan at gmail.com
Fri Sep 26 11:47:12 UTC 2014


On Fri, 2014-09-26 at 10:36 +0100, Ian Malone wrote:
> On 26 September 2014 05:51, Doug <dmcgarrett at optonline.net> wrote:
> > On 09/25/2014 11:50 PM, Matthew Miller wrote:
> >> http://fedoramagazine.org/shellshock-how-does-it-actually-work/
> >>
> >> My attempt to explain this in some satisfying detail, but also in an
> >> understandable way. Let me know how that went. :)
> >>
> > Your test doesn't work on pclos kde 32:
> >
> > [root at linux1 doug]# env x='() { :;}; echo OOPS' bash -c :
> > bash: warning: x: ignoring function definition attempt
> > bash: error importing function definition for `x'
> >
> 
> The test works, you're looking at a shell patched to some degree (the
> 'ignoring function definition attempt' bit). Though it seems some of
> the earlier patches don't cover all cases.

I think that's the response from the fully-patched version. The partial
version has an extra line of output. See the Red Hat writeup linked from
Matthew's article.

poc
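
An added example, not part of the original message or the linked article: a small shell script that runs the probe quoted in the thread against a local bash binary and classifies what comes back. The function names, the verdict words and the `silent` case (bash releases that print nothing for this probe) are assumptions, and the script does not try to tell a partial patch from a full one.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# The probe quoted in the thread: an environment variable whose value looks
# like a function definition followed by a trailing command.
PROBE='() { :;}; echo OOPS'

# classify_probe_output TEXT -> prints one verdict word.
classify_probe_output() {
    out=$1
    if printf '%s\n' "$out" | grep -qx 'OOPS'; then
        echo vulnerable   # trailing command ran while importing x
    elif printf '%s\n' "$out" | grep -q 'ignoring function definition attempt'; then
        echo patched      # import parser rejected the trailing command;
                          # this output alone does not give the patch level
    elif [ -z "$out" ]; then
        echo silent       # x was never treated as a function (assumption:
                          # later bash releases behave this way)
    else
        echo unknown
    fi
}

# probe_bash [PATH] -> run the probe against one bash binary and classify it.
probe_bash() {
    bash_bin=${1:-bash}
    out=$(env x="$PROBE" "$bash_bin" -c : 2>&1) || true
    classify_probe_output "$out"
}

# Sample outputs: the first is the one Doug posted, the second is constructed.
SAMPLE_PATCHED="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`x'"
SAMPLE_VULNERABLE='OOPS'

for s in "$SAMPLE_PATCHED" "$SAMPLE_VULNERABLE"; do
    classify_probe_output "$s"
done
```

Call `probe_bash /path/to/bash` to check a specific binary on the machine you are auditing.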


