|
|
|
|
|
|
by mzs
4279 days ago
|
|
|
"the most recent way to exploit it is to export an environment variable of, say, ls to a bash function." Even before the redhat patch you would need something to set echo=() { ... but how will an attacker do that when they can only set something like HTTP_USER_AGENT=() { ... ? See how overriding a builtin is not and never was a vulnerability? |
|
|