[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash-4.3 Official Patch 25
|
From: |
Chet Ramey |
|
Subject: |
Re: Bash-4.3 Official Patch 25 |
|
Date: |
Thu, 25 Sep 2014 09:09:30 -0400 |
|
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 |
On 9/25/14, 9:02 AM, gnu.bash.bug wrote:
> Hi,
>
> This patch does not seem to work on HP-UX:
>
> $ ./bash --version
> GNU bash, version 4.3.25(1)-release (ia64-hp-hpux11.31)
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>
> This is free software; you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> $ ./bash
> $ <CTRL-X CTRL-V in emacs mode displays the version to>
> GNU bash, version 4.3.25(1)-release (ia64-hp-hpux11.31)
>
> $ /usr/bin/env x='() { :;}; echo vulnerable' bash -c 'echo hello'
> vulnerable
> hello
Since `.' is probably not in your $PATH before /bin, `env' is not running
the patched version. Try changing `bash -c' to `./bash -c'.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
- Re: Bash-4.3 Official Patch 25, (continued)
Re: Bash-4.3 Official Patch 25, Jason Vas Dias, 2014/09/25
Re: Bash-4.3 Official Patch 25, mark, 2014/09/25
Re: Bash-4.3 Official Patch 25, gnu.bash.bug, 2014/09/25
Re: Bash-4.3 Official Patch 25, M1ch34lk, 2014/09/25