On 26 September 2014 16:06, Kent Fredric <[email protected]> wrote:
> As long as any of those calls 'system()' and system is implemented in > terms of 'sh -c' and 'sh' is a symlink to bash, ( a very common arrangement > ), env based exploits will still work here as soon as a bash instance is > fired. For some lovely examples of potential soft targets: https://github.com/search?q=php+exec+sudo+&ref=searchresults&type=Code&utf8=%E2%9C%93 http://nz1.php.net/manual/en/function.putenv.php Arbitrary code + sudo, what could possibly go wrong? -- Kent *KENTNL* - https://metacpan.org/author/KENTNL
_______________________________________________ Linux-users mailing list [email protected] http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
