Thread: Sailfish OS bash shell is affected by the #shellshock bug
View Single Post
javispedro's Avatar
javispedro is offline javispedro
2014-09-25 , 09:29
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#8
Originally Posted by nieldk View Post
So, applications that expose some of the functionality that is vulnerable (abitrary environment variables) could be used to get at least shell code execution as current user.
Yes, you defined it the way I see it. So if you could think of _anywhere_ in which this situation happens on a Jolla or even a normal workstation* then there might be a problem. Otherwise this is not exploitable at all.

*No, running sshd alone does not mean you're vulnerable. If on the other hand you were expecting that people ssh'ing would not be able to run arbitrary code you're in for a nasty surprise (e.g. stupid centralized Git servers, sftp-only servers -- shared hosting, etc.)