oss-sec mailing list archives
Re: CVE-2014-6271: remote code execution through bash
From: Solar Designer <solar () openwall com>
Date: Thu, 25 Sep 2014 20:19:28 +0400
On Thu, Sep 25, 2014 at 11:36:24AM -0400, Chet Ramey wrote:
On 9/24/14, 8:14 PM, Solar Designer wrote:What about no longer inheriting functions with names that don't contain any lowercase letters?It's a heuristic like any other, but I think it's even more obscure and mysterious than the other suggestions.
I agree. I only suggested it as an interim measure if you felt that a more invasive change was not acceptable yet. I think Florian's prefix-suffix patch is actually a better way to go (right now, unless there's some drawback I am not yet aware of), and at a later time function imports should require to be enabled with a non-default option. Alexander
Current thread:
- Re: CVE-2014-6271: remote code execution through bash, (continued)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 26)
- Re: CVE-2014-6271: remote code execution through bash David A. Wheeler (Sep 26)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)