flat assembler
Message board for the users of flat assembler.

Index > Heap > CVE-2014-6271: remote code execution through bash

Author
Thread Post new topic Reply to topic
sleepsleep



Joined: 05 Oct 2006
Posts: 8975
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
Post 24 Sep 2014, 16:46
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
LOL. I read this on FreshPorts. So this is what this is all about?
Quote:
Disable function importing from the environment by default. [...]

This removes the risk of further parser bugs leading to code execution, as well as the risk to setuid scripts and poorly written applications that do not cleanse their environment

t/csh (FreeBSD's default shell) had such a problem like 20 years ago!!!
Post 27 Sep 2014, 14:08
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.