[kwlug-disc] Vulnerability in bash

CrankyOldBugger crankyoldbugger at gmail.com
Fri Sep 26 16:35:11 EDT 2014


I thought it sounded familiar..

On 26 September 2014 16:26, Khalid Baheyeldin <kb at 2bits.com> wrote:

> It is the same one that I got 10 pm-ish yesterday and posted about. So
> faster than you thought even ...
>
> On Fri, Sep 26, 2014 at 4:06 PM, CrankyOldBugger <
> crankyoldbugger at gmail.com> wrote:
>
>> Ars Technica is reporting that another patch is out now:
>>
>>
>> http://arstechnica.com/security/2014/09/new-shellshock-patch-rushed-out-to-resolve-gaps-in-first-fix/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
>>
>> Say what you want about Linux, the community is very fast to fix things!
>>
>>
>> On 26 September 2014 15:14, William Park <opengeometry at yahoo.ca> wrote:
>>
>>> On Fri, Sep 26, 2014 at 11:27:55AM -0400, Giles Malet wrote:
>>> > On 14-09-25 07:18 PM, William Park wrote:
>>> > >If the command is built-in, then shell runs it.
>>> >
>>> > We're getting somewhat off topic, but bash will start subshells for certain
>>> > loops. I can't remember off the top of my head which, but I know to be
>>> > careful of variable assignment within a loop, since if it's done in a
>>> > subshell the assignment is lost.
>>> >
>>> > Something like:
>>> >
>>> > A="a"; loop ... A=b ... end loop; echo $A
>>> >
>>> > produces "a", not "b", since that second assignment is lost.
>>>
>>> That would be if the loop is part of pipe, because each part is separate
>>> process, ie. fork/exec with consecutive parts connected to each other by
>>> pipe.
>>>
>>> >
>>> > But it's true what people have said: because of all this your running shell
>>> > is probably pretty safe from being 0wned; subshells are vulnerable, unless
>>> > you have a new binary.
>>> >
>>> > g
>>> >
>>> >
>>> > _______________________________________________
>>> > kwlug-disc mailing list
>>> > kwlug-disc at kwlug.org
>>> > http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>
>>>
>>>
>>
>>
>>
>>
>
>
> --
> Khalid M. Baheyeldin
> 2bits.com, Inc.
> Fast Reliable Drupal
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
> For every complex problem, there is an answer that is clear, simple, and
> wrong." -- H.L. Mencken
>
>
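
The behaviour discussed in the quoted thread above (an assignment made inside a loop is lost when the loop is part of a pipe), as an added example that is not part of any poster's message. The function names and the three-line sample input are constructed for illustration, and the script assumes bash with default options or a POSIX sh.

```shell
#!/bin/sh
# Constructed sample input: three lines fed to each loop.
sample_lines() { printf '%s\n' one two three; }

# The loop is a stage of a pipeline, so it runs in a forked child
# process. The assignment changes the child's copy of A only; the
# calling shell still sees the original value.
loop_in_pipeline() {
    A="a"
    sample_lines | while read -r line; do
        A="b"
    done
    printf '%s' "$A"
}

# The same loop fed by a here-document redirect. There is no pipeline,
# so the loop runs in the calling shell and the assignment survives.
loop_with_redirect() {
    A="a"
    while read -r line; do
        A="b"
    done <<EOF
$(sample_lines)
EOF
    printf '%s' "$A"
}

# When the pipe cannot be avoided, hand the result back on stdout and
# capture it in the parent instead of relying on the child's variable.
loop_in_pipeline_captured() {
    A="a"
    A=$(sample_lines | { while read -r line; do A="b"; done; printf '%s' "$A"; })
    printf '%s' "$A"
}

echo "loop in pipeline:        A=$(loop_in_pipeline)"
echo "loop with redirect:      A=$(loop_with_redirect)"
echo "pipeline, value captured: A=$(loop_in_pipeline_captured)"
```
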