but
what does it do? it looks like a fork bomb
code: env VAR='() { :;};
the vulnerability is precisely the failure to parse, and therefore correctly escape (in theory, since as I wrote it is considered a Bash feature... Bash expects to be passed variables that have already been checked), the environment variables handed to the subprocess... this is certainly something it has in common with many fork bombs
So, we're in the context of designing a unix shell, where subprocesses are created and run in a casual and normal manner. When creating a new subprocess, environment variables can be used to pass some data from the parent process to the child process. In the case of bash, it is a feature that has been wanted, to have some functions defined in the parent bash process also be transmitted and defined in the child bash process. Using environment variables to pass the definition of those functions is natural.
Where the implementation slightly went beyond the specifications, is that it also executes any command present after the definition of the function passed in an environment variable. Since it's usually the bash program which generates the value of the environment variables used to pass those functions, there's normally no further command. But in the context where bash was designed, if a user added commands to such environment variables, it could be still considered a feature. In any case, the child process is executed on behalf of the user who configured the environment variable, so there's no security consideration to matter.
Last edited by andrea.paiola; 27-09-2014 at 17:17
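The distinction the quoted explanation draws, between a function definition carried in an environment variable and extra commands placed after it, can be checked on a value before it reaches a child shell. The following is an added example, not part of the original post and not Bash's own code: `classify_env_value` is a hypothetical helper, the sample values are constructed, and the brace counting is a heuristic that ignores quoting.

```shell
#!/bin/sh
# Added example: classify an environment value as
#   plain     - not a function-style value
#   function  - "() { ... }" with nothing after the closing brace
#   trailing  - function body followed by more text (would be executed on import)
#   malformed - opening "() {" whose braces never balance
classify_env_value() {
    val=$1
    case $val in
        '() {'*) ;;
        *) echo plain; return 0 ;;
    esac
    rest=${val#'() '}          # now starts at the opening brace
    depth=0
    while [ -n "$rest" ]; do
        tail=${rest#?}
        ch=${rest%"$tail"}     # first character of $rest
        rest=$tail
        case $ch in
            '{') depth=$((depth + 1)) ;;
            '}') depth=$((depth - 1))
                 if [ "$depth" -eq 0 ]; then break; fi ;;
        esac
    done
    if [ "$depth" -ne 0 ]; then
        echo malformed; return 0
    fi
    # Whatever follows the body, ignoring whitespace and separators
    leftover=$(printf '%s' "$rest" | tr -d ' \t\n;')
    if [ -n "$leftover" ]; then
        echo trailing
    else
        echo function
    fi
}

# Constructed sample values, one per class
for sample in \
    'en_US.UTF-8' \
    '() { echo hi; }' \
    '() { echo ${HOME}; }' \
    '() { echo hi; }; echo TRAILING' \
    '() { echo hi'
do
    printf '%-10s %s\n' "$(classify_env_value "$sample")" "$sample"
done
```

For values that arrive from an untrusted source, anything other than `plain` is worth rejecting or logging before a shell is spawned.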