Joe Morris <jol...@panix.com> wrote:
> ubik% env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"You are invoking /bin/sh here. That is only testing whether or not /bin/sh is vulnerable, not whether the parent shell that happens to run to invoke /bin/sh is vulnerable. I'm going to guess that on your system /bin/sh is actually bash (as is the case of OS X): /bin/sh -c 'echo $BASH_VERSION' -Jan
pgpRQdeYaOfjW.pgp
Description: PGP signature
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
