Full Disclosure mailing list archives

Re: Critical bash vulnerability CVE-2014-6271


From: Paul Vixie <paul () redbarn org>
Date: Thu, 25 Sep 2014 15:56:32 -0700



Seth Arnold <seth.arnold () canonical com>
Thursday, September 25, 2014 3:10 PM

> Which systems go through /bin/sh for the exec*() family of functions?

i don't have an exhaustive list. my friends at $dayjob told me to use
debian, so i am. i see this:

http://manpages.debian.org/cgi-bin/man.cgi?query=execv&apropos=0&sektion=0&manpath=Debian+7.0+wheezy&format=html&locale=en

which contains this text:

       If the header of a file isn't recognized (the attempted execve(2)
       failed with the error ENOEXEC), these functions will execute the shell
       (/bin/sh) with the path of the file as its first argument.  (If this
       attempt fails, no further searching is done.)

i now see that this only applies to execlp() and execvp(), not to the
entire family. (was reading in a terminal window before.)

-- 
Paul Vixie

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
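
Added example, not part of the original message and not glibc's own code: a small C program that exercises the man page text quoted above, running an executable file with no recognizable header through execv() and through execvp(). It assumes Linux with glibc, an existing /bin/sh, and a /tmp that is writable and not mounted noexec; the helper name run_headerless and the file contents are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample: executable text with no "#!" line and no binary
 * header, so the kernel's execve(2) rejects it with ENOEXEC. */
static const char SCRIPT[] = "exit 7\n";
enum { CHILD_ENOEXEC = 100, CHILD_OTHER_ERR = 101 };

/* Exec the headerless file in a child via execv() (use_execvp == 0) or
 * execvp() (use_execvp != 0). Returns the child's exit status: 7 if
 * /bin/sh interpreted the file, CHILD_ENOEXEC if the exec call itself
 * failed with ENOEXEC, -1 if this helper could not set up the test. */
int run_headerless(int use_execvp)
{
    char path[] = "/tmp/enoexec_demo_XXXXXX";   /* assumed exec-capable dir */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    ssize_t len = (ssize_t)sizeof SCRIPT - 1;
    int ok = write(fd, SCRIPT, (size_t)len) == len && fchmod(fd, 0700) == 0;
    close(fd);                       /* a file open for writing gives ETXTBSY */
    int status = -1;
    pid_t pid = ok ? fork() : -1;
    if (pid == 0) {
        char *argv[] = { path, NULL };
        if (use_execvp)
            execvp(path, argv);      /* glibc retries as: /bin/sh <path> */
        else
            execv(path, argv);       /* plain execve(2) wrapper, no retry */
        _exit(errno == ENOEXEC ? CHILD_ENOEXEC : CHILD_OTHER_ERR);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        status = WEXITSTATUS(status);
    else
        status = -1;
    unlink(path);
    return status;
}

int main(void)
{
    printf("execv:  %d\n", run_headerless(0));
    printf("execvp: %d\n", run_headerless(1));
    return 0;
}
```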

