Re: CVE-2014-6271 : Remote code execution through bash

2014-09-25 Thread mex
foo ...
http://www.openwall.com/lists/oss-security/2014/09/24/17

"Note that on Linux systems where /bin/sh is symlinked to /bin/bash, any popen() / system() calls from within languages such as PHP would be of concern due to the ability to control HTTP_* in the env. /mz"

$ ls -la /bin/sh
lrwxrwx

Re: CVE-2014-6271 : Remote code execution through bash

2014-09-24 Thread Andrew Cantino
This could also be abused if you ever add any ENV variables that can come from a user. https://gist.github.com/cantino/9fe5f338e5027a46e2eb

CVE-2014-6271 : Remote code execution through bash

2014-09-24 Thread mex
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

additional references: Advisory CVE-2014-6271: remote code execution through bash (