On Sat, Sep 27, 2014 at 12:55:30AM +1000, Russell Coker wrote:
>
> #!/bin/bash
> echo ok
>
> I created a script named zz with the above contents. I ran the following test
> using bash 4.2+dfsg-0.1 from Debian/Wheezy (the unfixed version) and got an
> unexpected SEGV.
>
> # ORIG="() { :;} ; touch /tmp/ohno" ./zz
> /bin/bash: touch: No such file or directory
> Segmentation fault
>
The segfault goes away if you start the script "#!/bin/bash -p". Does that mean
such scripts defeat the exploit?
I always used to start my scripts that way to avoid inheriting functions from
the environment; but I stopped exporting functions a while ago...
Cheers ... Duncan.
_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
