[MacPorts] #45162: Bash still vulnerable
MacPorts
noreply at macports.org
Fri Sep 26 10:33:17 PDT 2014
#45162: Bash still vulnerable
------------------------+----------------------
Reporter: kost.hc@… | Owner: raimue@…
Type: defect | Status: new
Priority: High | Milestone:
Component: ports | Version: 2.3.1
Resolution: | Keywords:
Port: bash |
------------------------+----------------------
Comment (by mf2k@…):
For reference the actual test is:
{{{
$ rm -f echo
$ env X='() { (a)=>\' sh -c "echo date"; cat echo
sh: X: line 1: syntax error near unexpected token `='
sh: X: line 1: `'
sh: error importing function definition for `X'
Fri Sep 26 11:29:03 MDT 2014
}}}
The fact that the date prints out is the bug. In a properly patched
system, here is the output:
{{{
$ rm -f echo
$ env X='() { (a)=>\' sh -c "echo date"; cat echo
date
cat: echo: No such file or directory
}}}
--
Ticket URL: <https://trac.macports.org/ticket/45162#comment:3>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list