oss-sec mailing list archives

Re: CVE-2014-6271: remote code execution through bash

From: Chet Ramey <chet.ramey () case edu>
Date: Thu, 25 Sep 2014 19:40:50 -0400

On 9/25/14, 12:19 PM, Solar Designer wrote:

I think Florian's prefix-suffix patch is actually a better way to go
(right now, unless there's some drawback I am not yet aware of), and at
a later time function imports should require to be enabled with a
non-default option.


Yes, some variant of that will be the next thing to work on.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet () case edu    http://cnswww.cns.cwru.edu/~chet/

Current thread:

Re: CVE-2014-6271: remote code execution through bash, (continued)
- - - Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
  - Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 26)
    - Re: CVE-2014-6271: remote code execution through bash David A. Wheeler (Sep 26)
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
    - Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 27)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
    - Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
    - Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
    - Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)

(Thread continues...)