[kwlug-disc] Vulnerability in bash
Giles Malet
gdmalet at gmail.com
Fri Sep 26 11:27:55 EDT 2014
On 14-09-25 07:18 PM, William Park wrote:
> If the command is built-in, then shell runs it.
We're getting somewhat off topic, but bash will start subshells for
certain loops. I can't remember off the top of my head which, but I know
to be carefully of variable assignment within a loop, since if it's done
in a subshell the assignment is lost.
Some thing like:
A="a"; loop ... A=b ... end loop; echo $A
produces "a", not "b", since that second assignment is lost.
But it's true what people have said: because of all this your running
shell is probably pretty safe from being 0wned; subshells are
vulnerable, unless you have a new binary.
g
More information about the kwlug-disc
mailing list