autoconf
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bash security issue

From: Eric Blake
Subject: Re: Bash security issue
Date: Thu, 25 Sep 2014 09:53:14 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0 
On 09/25/2014 09:45 AM, Shawn H Corey wrote:
> On Thu, 25 Sep 2014 08:55:45 -0600
> Eric Blake <address@hidden> wrote:
> 
>> On 09/25/2014 07:51 AM, Bob Friesenhahn wrote:
>>> It may be that some users of 'autoconf' will be at risk due to the
>>> dire bash security bug described at
>>> "http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/";.
>>>
>>> Take care that the environment is carefully vetted.
>>
>> There's nothing that ./configure can do to avoid the buggy bash, but
>> it may indeed be worth patching autoconf to generate configure
>> scripts that issue a loud warning if the buggy shell is detected on
>> the user's system.  I'll look into doing that.
>>
> 
> You may be premature. I think the patch will be out before Monday. If
> so, your effort will be wasted. :)

Huh? There is no wasted effort in teaching configure scripts to warn
users that they are running on an unpatched vulnerable system.  Just
because a fix may be available doesn't mean everyone is running the fix.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]