Re: ksh / CVE-2019-14868

2020-07-14 Thread Ola Lundqvist
Hi

Interesting. I wonder how I concluded that it was just arithmetic expressions. Do you want me to re-check it? Segmentation faults can be problematic too, but it looks like we have some protection against this CVE already. The question is whether the subshell is actually executed before the sigs

Re: ksh / CVE-2019-14868

2020-07-14 Thread Brian May
Ola Lundqvist writes:
> Interesting. I wonder how I concluded that it was just arithmetic
> expressions. Do you want me to re-check it?

Yes please, might be a good idea.

> Segmentation faults can be problematic too, but it looks like we have
> some protection against this CVE already. The quest

Re: ksh / CVE-2019-14868

2020-07-14 Thread Brian May
I meant to include this test run:

(stretch-amd64-default)root@silverfish:/home/brian# SHLVL='2#11+x[$(/bin/echo DANGER WILL ROBINSON >&2)0]' /usr/bin/ksh
Segmentation fault
DANGER WILL ROBINSON

As in no echo command is required. Below is the full stack trace of the segfault (recompiled withou