|
|
|
|
|
|
by bodyfour
4289 days ago
|
|
|
Yes, if you have full control over the environment you can make all sorts of havoc ($PATH, $LD_PRELOAD, ...) What made shellshock special is that you only needed to control the value of a variable, not its name. I don't see how this qualifies as much of a vulnerability. Maybe now that bash's imported-function feature is better known we'll see it leveraged as part of a multi-step attack though. |
|
|