oss-sec mailing list archives
Re: Healing the bash fork
From: Martin Carpenter <martin.carpenter () gmail com>
Date: Tue, 30 Sep 2014 23:53:58 +0200
On Tue, 2014-09-30 at 08:08 -0700, Tavis Ormandy wrote:
> system("date");
>
> Keep going, eventually you're going to have to stop blacklisting
> variables and use execve ;-)

... and beware what you whitelist:

OpenSolaris/on-src/usr/src/cmd/date/date.c:
295    /* correct the kernel's "gmt_lag" and the PC's RTC */
296    (void) system("/usr/sbin/rtc -c > /dev/null 2>&1");

[wryly noticed some time in the last week]
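An added example, not part of the original message or of any code it cites: the same probe command run once through system(), which hands the caller's whole environment to /bin/sh, and once through execve() with a fixed environment. The names run_clean, clean_env, PROBE and DEMO_MARKER are hypothetical, and the marker value is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* The only environment the child gets; nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };

/* Run argv[0] (an absolute path) directly, with clean_env and no shell
 * parsing of a command string. Returns the exit status, or -1 on failure. */
int run_clean(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, clean_env);
        _exit(127);                 /* execve only returns on error */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Probe (constructed): /bin/sh exits 0 only if DEMO_MARKER reached it. */
#define PROBE "test -n \"$DEMO_MARKER\""

/* system() runs /bin/sh with the caller's whole environment. */
int marker_seen_via_system(void)
{
    setenv("DEMO_MARKER", "constructed", 1);
    int st = system(PROBE);
    return st != -1 && WIFEXITED(st) && WEXITSTATUS(st) == 0;
}

/* Same probe through run_clean(): the marker is not in clean_env. */
int marker_seen_via_execve(void)
{
    char *const argv[] = { "/bin/sh", "-c", PROBE, NULL };
    setenv("DEMO_MARKER", "constructed", 1);
    return run_clean(argv) == 0;
}

int main(void)
{
    printf("system(): %d, execve(): %d\n", marker_seen_via_system(), marker_seen_via_execve());
}
```

A clean environment only covers the first hop: a program started this way that itself calls system(), as in the date.c lines quoted above, still spawns a shell with whatever environment it was given.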