Re: CVE-2014-6271: remote code execution through bash

[Chet Ramey <chet.ramey () case edu>]

On 9/24/14, 9:30 PM, Solar Designer wrote:

> > > > > The bash patch seems incomplete to me, function parsing is still
> > > > > brittle. e.g. $ env X='() { (a)=>\' sh -c "echo date"; cat echo
> > > >
> > > > Thanks for bringing this to oss-security.  I've added CC to Chet and
> > > > Tavis on this "reply".
> > >
> > > I have a fix for this.
> >
> > Can you provide a pointer to the patch?  I put together a patch that
> > changed the report_error() to fatal_error() as I wasn't able to see
> > how to reset the parser state.  Was just about to send it out...
>
> I think Chet is not on oss-security - we should be CC'ing him where
> appropriate.  (I've added the CC on this reply.)

Here's the patch.  It's not specific to this vulnerability -- I can get
it to work from at least one other code path.  Please take a look and
see if you can bypass it.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet () case edu    http://cnswww.cns.cwru.edu/~chet/

Attachment: eol-pushback.patch
Description: