[kwlug-disc] Vulnerability in bash
William Park
opengeometry at yahoo.ca
Thu Sep 25 19:18:34 EDT 2014
On Thu, Sep 25, 2014 at 04:33:27PM -0400, B.S. wrote:
> Which startles me. I thought bash was an interpreter sucking in command
> lines. The startling part is not that it might not be, it's that the
> thing is so darned fast you can't tell the difference (that new
> processes are being spawned with each line)!
Well, shell sucks in command lines, as always. If the command is
built-in, then shell runs it. So, if it crashes, the shell crashes. If
the command is external binary, then shell does fork/exec. If that
binary crashes, then shell is okay since those two are separate
processes (parent/child).
This whole thing is just another form of "source injection" that SQL is
most widely known for. The fact that environment variable contains
"shell function" is okay, since it's just string. When shell runs, it
converts that string into function, just like when you "source" a file.
So, it's not a bug, really. Shell is doing the right thing. :-)
--
William
More information about the kwlug-disc
mailing list