On 9/25/14, 9:02 AM, gnu.bash.bug wrote:
> Hi,
>
> This patch does not seem to work on HP-UX:
>
> $ ./bash --version
> GNU bash, version 4.3.25(1)-release (ia64-hp-hpux11.31)
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>
> This is free software; you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> $ ./bash
> $ <CTRL-X CTRL-V in emacs mode displays the version to>
> GNU bash, version 4.3.25(1)-release (ia64-hp-hpux11.31)
>
> $ /usr/bin/env x='() { :;}; echo vulnerable' bash -c 'echo hello'
> vulnerable
> hello
Since `.' is probably not in your $PATH before /bin, `env' is not running
the patched version. Try changing `bash -c' to `./bash -c'.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
