oss-sec mailing list archives
Re: wordexp(3)
From: John Haxby <john.haxby () oracle com>
Date: Wed, 11 Feb 2015 09:30:29 +0000
On 10/02/15 17:57, Rich Felker wrote:
Obviously implementations using /bin/sh were vulnerable to shellshock on systems where /bin/sh is bash.
I must admit, that was my first thought. Closely followed by wondering whether this gives an interesting new vector in spite of the BASH_FUNC_...() wrapper. jch
Current thread:
- wordexp(3) Solar Designer (Feb 10)
- Re: wordexp(3) Rich Felker (Feb 10)
- Re: wordexp(3) Rich Felker (Feb 10)
- Re: wordexp(3) John Haxby (Feb 11)
- Re: wordexp(3) Stuart Henderson (Feb 11)
- Re: wordexp(3) Florian Weimer (Feb 11)
- Re: wordexp(3) Tim (Feb 11)
- Re: wordexp(3) Daniel Micay (Feb 11)
- Re: wordexp(3) Florian Weimer (Feb 11)
- Re: wordexp(3) Rich Felker (Feb 10)