[kwlug-disc] Vulnerability in bash

Khalid Baheyeldin kb at 2bits.com
Fri Sep 26 16:26:58 EDT 2014


It is the same one that I got 10 pm-ish yesterday and posted about. So
faster than you thought even ...

On Fri, Sep 26, 2014 at 4:06 PM, CrankyOldBugger <crankyoldbugger at gmail.com>
wrote:

> Ars Technica is reporting that another patch is out now:
>
>
> http://arstechnica.com/security/2014/09/new-shellshock-patch-rushed-out-to-resolve-gaps-in-first-fix/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
>
> Say what you want about Linux, the community is very fast to fix things!
>
>
> On 26 September 2014 15:14, William Park <opengeometry at yahoo.ca> wrote:
>
>> On Fri, Sep 26, 2014 at 11:27:55AM -0400, Giles Malet wrote:
>> > On 14-09-25 07:18 PM, William Park wrote:
>> > >If the command is built-in, then shell runs it.
>> >
>> > We're getting somewhat off topic, but bash will start subshells for certain
>> > loops. I can't remember off the top of my head which, but I know to be
>> > careful of variable assignment within a loop, since if it's done in a
>> > subshell the assignment is lost.
>> >
>> > Something like:
>> >
>> > A="a"; loop ... A=b ... end loop; echo $A
>> >
>> > produces "a", not "b", since that second assignment is lost.
>>
>> That would be if the loop is part of a pipe, because each part is a separate
>> process, i.e. fork/exec with consecutive parts connected to each other by
>> a pipe.
>>
>> >
>> > But it's true what people have said: because of all this your running shell
>> > is probably pretty safe from being 0wned; subshells are vulnerable, unless
>> > you have a new binary.
>> >
>> > g
>> >
>> >
>> > _______________________________________________
>> > kwlug-disc mailing list
>> > kwlug-disc at kwlug.org
>> > http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org


-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
"For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
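
The lost-assignment behaviour discussed in the quoted messages above, as an added example that is not part of the original thread: the same loop is run once as a pipeline stage and once fed by a here-document. The function names and sample input are constructed for illustration, and the pipeline result assumes bash with its default settings (`lastpipe` off) or a POSIX sh such as dash.

```shell
#!/bin/sh
# Added illustration, not code from the mailing-list thread.
# A loop that is one stage of a pipeline runs in a forked subshell, so
# variables it assigns never reach the shell that started the pipeline.

# Constructed sample input: three lines.
sample_input() {
    printf 'alpha\nbeta\ngamma\n'
}

# Loop as a pipeline stage: count and last are changed only in the subshell.
count_in_pipeline() {
    count=0
    last="a"
    sample_input | while read -r line; do
        count=$((count + 1))
        last="$line"
    done
    # Back in the calling shell: the loop's assignments are gone.
    echo "$count:$last"
}

# Same loop fed by a here-document: no pipeline, so the loop runs in the
# calling shell and its assignments survive.
count_with_heredoc() {
    count=0
    last="a"
    while read -r line; do
        count=$((count + 1))
        last="$line"
    done <<EOF
$(sample_input)
EOF
    echo "$count:$last"
}

echo "pipeline loop: $(count_in_pipeline)"
echo "heredoc loop:  $(count_with_heredoc)"
```

Shells that run the last pipeline stage in the current process (ksh, zsh, or bash with `shopt -s lastpipe` and job control off) keep the assignments in the first case as well.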