On 9/25/14, 9:02 AM, gnu.bash.bug wrote: > Hi, > > This patch does not seem to work on HP-UX: > > $ ./bash --version > GNU bash, version 4.3.25(1)-release (ia64-hp-hpux11.31) > Copyright (C) 2013 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> > > This is free software; you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > $ ./bash > $ <CTRL-X CTRL-V in emacs mode displays the version to> > GNU bash, version 4.3.25(1)-release (ia64-hp-hpux11.31) > > $ /usr/bin/env x='() { :;}; echo vulnerable' bash -c 'echo hello' > vulnerable > hello
Since `.' is probably not in your $PATH before /bin, `env' is not running the patched version. Try changing `bash -c' to `./bash -c'. -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/