bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issues with exported functions


From: Vincent Lefevre
Subject: Re: Issues with exported functions
Date: Fri, 26 Sep 2014 02:38:46 +0000 (UTC)
User-agent: tin/2.2.1-20140504 ("Tober an Righ") (UNIX) (Linux/3.16-2-amd64 (x86_64))

In article <address@hidden>,
  lolilolicon <address@hidden> wrote:

> I think almost as severe as CVE-2014-6271 is that it's still possible to
> mask commands in a bash script by changing it's environment.

> For example, true='() { false;}' or grep='() { /bin/id;}' ...

Yes, and BTW, I don't think this is POSIX compliant:

  8.1 Environment Variable Definition

  [...] The name space of environment variable names containing
  lowercase letters is reserved for applications. Applications can
  define any environment variables with names from this name space
  without modifying the behavior of the standard utilities.

This means that some application like sudo that needs to clean up
the environment could choose to keep these environment variables
with lowercase letters, and this could have really bad effects if
a bash script is executed.

-- 
Vincent Lefèvre <address@hidden> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)




reply via email to

[Prev in Thread] Current Thread [Next in Thread]