[kwlug-disc] Vulnerability in bash
B.S.
bs27975 at yahoo.ca
Thu Sep 25 16:33:27 EDT 2014
On Thu, 25 Sep 2014 15:36:57 -0400
Giles Malet <gdmalet at gmail.com> wrote:
> On 14-09-25 09:35 AM, Khalid Baheyeldin wrote:
> > env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> > [...]
> > I did not need to reboot nor start the shells I have open in screen.
>
> Don't forget you are starting a new copy of the shell (a subshell) to
> execute the above command, and apparently it picks up the patched
> version. If it hasn't been replaced, your running shell could still
> be vulnerable, so you could replace it by running something like
> `exec bash'.
>
> Since bash often starts new subshells, just patching without
> rebooting / restarting maybe gets you mostly there....
Don't worrry about repeat.
I appreciated and felt reassured by Chris' answer. But couldn't follow
it. (-:
Yours I got easier. (-:
> Don't forget you are starting a new copy of the shell
Which startles me. I thought bash was an interpreter sucking in command
lines. The startling part is not that it might not be, it's that the
thing is so darned fast you can't tell the difference (that new
processes are being spawned with each line)!
More information about the kwlug-disc
mailing list