On 10/10/14, 10:00 AM, Nabiałek, Wojciech wrote:
> [root@e-mail wojtek]# (for x in {1..200} ; do echo "for x$x in ; do :"; done;
> for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187
> vulnerable, word_lineno"
> bash: line 2: `x{1..200}': not a valid identifier
> CVE-2014-7187 vulnerable, word_lineno
Yeah, that's a flawed test. I'm sure the author never thought that the
test would be run by a shell that didn't implement brace expansion, but
you managed to do it.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
