[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bash-4.3 Official Patch 27

From: becker . rg
Subject: Re: Bash-4.3 Official Patch 27
Date: Sun, 28 Sep 2014 09:10:51 -0700 (PDT)
User-agent: G2/1.0

On Sunday, September 28, 2014 4:38:24 PM UTC+1, address@hidden wrote:
> If I use the Arch linux [testing] bash-4.3.027-1 which is uses this patch 
> then I have a patch against the at(1) source which converts exported 
> functions into something that sh can parse and allows exported functions to 
> be used in the environment that calls at.

Jon Seymour asked me if my at patch would fix the following vulnerablity 
(presumably in at(1))

echo pwd | env "/tmp/exploit=me" at tomorrow

which I presume relies on acceptance of /tmp/exploit=me as a possible command. 
I'm not sure it does since the current at code writes the variable name out 
unconditionally (ie no inspection of characters etc etc). I could probably 
raise an error for bad variable names, but I'm not sure I understand what 
characters are now illegal or what the lexical definition of bash/sh variable 
names is now. So I would appreciate advice on that.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]