Not so long ago, [email protected] wrote:
> Joe Morris <[email protected]> wrote:
>
> > The versions of zsh I have available are all vulnerable as well as Korn
> > Shell
> > on NetBSD (can't remember if that's the real thing or a clone)
>
> [citation needed]
>
> I can't reproduce this for either. Can you show you tested this and
> found it to be vulnerable?
Could very well be a flawed test. It's not failing on NetBSD now, but still
is on OS X. I didn't think to grab the version for either before
ubik% env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
busted
stuff
ubik% echo $ZSH_VERSION
5.0.2
ubik% echo $0
zsh
ubik% type zsh
zsh is /bin/zsh
ubik% /bin/zsh --version
zsh 5.0.2 (x86_64-apple-darwin13.0)
That test came from
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
Not sure that anyone is using zsh for cgi-bin, and mine is obviously old.
It's still my favorite interactive shell
--
Joe Morris Atlanta history blog
[email protected] http://atlhistory.com
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
