Re: Bash security issue
From: Nick Bowler
Subject: Re: Bash security issue
Date: Fri, 26 Sep 2014 11:02:35 -0400
User-agent: Mutt/1.5.22 (2013-10-16)

On 2014-09-25 19:14 -0400, Shawn H Corey wrote:
> On Thu, 25 Sep 2014 09:53:14 -0600
> Eric Blake <address@hidden> wrote:
> > Huh? There is no wasted effort in teaching configure scripts to warn
> > users that they are running on an unpatched vulnerable system. Just
> > because a fix may be available doesn't mean everyone is running the
> > fix.
>
> That's only a partial solution. The problem is with bash(1), not your
> scripts. If you warn about one security issue, then people will count
> on you to warn them about _all_ the security issues. People are lazy
> and will jump to conclusions to avoid work.

C compilers issue warnings for some buggy code, but nobody reasonably
expects them to warn about all possible bugs.

In this case, the bug implies a compatibility issue as well. So it is
prudent to warn users that the configure script may not run correctly,
and that they should update their shells to a fixed version.

Cheers,
--
Nick Bowler, Elliptic Technologies (http://www.elliptictech.com/)