script errors about shellshocker HOT 5 CLOSED

Does the above commit address your bash/ksh concerns?

I didn't understand the need for the suggested modification to L49. Can you explain?

from shellshocker.

That commit should make the script sh compat again, yes.

It is just not good practice to parse ls. It shouldn't be an issue in this script since all the filenames are known, but it's not needed. the shell can iterate over files using globbing without using ls. ls is for human consumption.

from shellshocker.

When I run the shellshock_test.sh on one of my debian 7.0 systems I get a segfault:

~# ./shellshock_test.sh
CVE-2014-6271 (original shellshock): VULNERABLE
./shellshock_test.sh: line 16: 13511 Segmentation fault bash -c "f() { x() { _;}; x() { _;} <<a; }" 2> /dev/null
CVE-2014-6277 (segfault): VULNERABLE
CVE-2014-6278 (Florian's patch): VULNERABLE
CVE-2014-7169 (taviso bug): VULNERABLE
CVE-2014-7186 (redir_stack bug): not vulnerable
CVE-2014-7187 (nested loops off by one): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable

As far as I understood the shell code it is no harm to the proper functioning of the shell shock test but it can be avoided ;)
I modified line 16 to look like this, and the segfault is not shown anymore:

eval CVE20146277=$((bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable) | grep 'vulnerable' | wc -l)

HTH and keep up the good work!

cheers

from shellshocker.

@sock3t nice find

Line 50 poses a segfault also

from shellshocker.

5y old issue. bye.

from shellshocker.