On 09/24/2014 07:27 PM, Chris Adams wrote: > On a client system, there are some potential routes to exploiting this > as well. For example, I think the DHCP and PPP clients will run > external scripts to configure things (such as DNS, NTP, etc.), using > environment variables to pass information, so a malicious server could > potentially get full root access to a vulnerable client system. In most > cases though, I don't think bash or /bin/sh get passed arbitrary remote > data in environment variables on a client system (e.g. desktop).
The DHCP vector is pretty scary for anyone who connects to untrusted networks (hotels, coffee shops, etc.). -- ======================================================================== Ian Pilcher arequip...@gmail.com -------- "I grew up before Mark Zuckerberg invented friendship" -------- ======================================================================== -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
