Re: [OCLUG-Tech] some weird shell parameter substitution constructs

Subject: Re: [OCLUG-Tech] some weird shell parameter substitution constructs
From: "Stephen M. Webb" <stephen [ dot ] webb [ at ] bregmasoft [ dot ] ca>
Date: Sun, 8 Apr 2018 09:58:29 -0400

On 2018-04-08 09:04 AM, Robert P. J. Day wrote:
>   i would have been shocked if that construct had that obvious a
> security hole, given how often i've seen it in shell scripts.

LOL remember shellshock?

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Unfortunately I don't have a vulnerable system to test on, but I'm willing to be that's what it's guarding against.

-- 
Stephen M. Webb  <stephen [ dot ] webb [ at ] bregmasoft [ dot ] ca>

references

[OCLUG-Tech] some weird shell parameter substitution constructs, Robert P. J. Day
Re: [OCLUG-Tech] some weird shell parameter substitution constructs, Stephen M. Webb
Re: [OCLUG-Tech] some weird shell parameter substitution constructs, Robert P. J. Day

message navigation

previous by date: Re: [OCLUG-Tech] some weird shell parameter substitution constructs
next by date: [OCLUG-Tech] testing, ignore
previous by thread: Re: [OCLUG-Tech] some weird shell parameter substitution constructs
next by thread: [OCLUG-Tech] testing, ignore