oss-sec mailing list archives
Re: CVE-2014-6271: remote code execution through bash
From: gremlin () gremlin ru
Date: Wed, 24 Sep 2014 23:55:45 +0400
On 24-Sep-2014 21:39:37 +0200, Pierre Schweitzer wrote:
Naive question regarding statement below. Does that mean that exec*() system calls are concerned as well (like for instance called from a fork())?
Only execve() is a system call, all other (execl, execlp, execle, execv, execvp) are just front-ends for it. And, obviously, yes - they may pass unsane environment to the executed process.
On 24/09/2014 18:23, Michal Zalewski wrote:
- Because it messes up the order in which people normally read text. - Why top-posting is considered the most annoying thing in messages? -- Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru> GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
Current thread:
- Re: CVE-2014-6271: remote code execution through bash, (continued)
- Re: CVE-2014-6271: remote code execution through bash mancha (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Alan J. Wylie (Sep 26)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)