A remotely exploitable hole in bash
A remotely exploitable hole in bash
Posted Sep 25, 2014 17:43 UTC (Thu) by gb (subscriber, #58328)In reply to: A remotely exploitable hole in bash by gb
Parent article: A remotely exploitable hole in bash
$ cat /proc/$$/environ |xargs -0 -n1|grep -w A
A=() { echo "My func"
$ env|grep -w A
A=3
A=() { echo "My func"
Means that if someone sets such function in HTTP or something.. you would never see it if you just do $ABCD, only if you do env|grep ABCD
Posted Sep 25, 2014 17:52 UTC (Thu)
by gb (subscriber, #58328)
[Link] (2 responses)
Posted Sep 25, 2014 18:15 UTC (Thu)
by madscientist (subscriber, #16861)
[Link] (1 responses)
The typical functional API to the environment provided by C and other languages treats the environment as a set of key/value pairs, so using those functions it's usually not possible to have two variables with the same name. But, if you start a program with execve() for example you give your own list of strings as the environment for the child process, and the members of that list can be whatever you want.
Posted Sep 25, 2014 20:31 UTC (Thu)
by gb (subscriber, #58328)
[Link]
Posted Sep 26, 2014 11:05 UTC (Fri)
by marcH (subscriber, #57642)
[Link] (1 responses)
Just found this in the standard:
http://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html
"If more than one string in a process' environment has the same name the consequences are undefined."
Posted Sep 26, 2014 14:15 UTC (Fri)
by gb (subscriber, #58328)
[Link]
A remotely exploitable hole in bash
A remotely exploitable hole in bash
A remotely exploitable hole in bash
A remotely exploitable hole in bash
A remotely exploitable hole in bash
$ bash
$ f() { aaa; }
$ export -f f
$ export f=3
$ ksh
$ cat /proc/$$/environ |xargs -0 -n1|grep -w f
f=3
f=() { aaa
$ echo $f
3