>>>>> "Tim" == Tim <[email protected]> writes:
Tim> This vulnerability in bash is particularly nasty because even if Tim> you only ever call /bin/sh in a script or via system(3), popen(3) Tim> and friends, then you are likely still vulnerable because /bin/sh Tim> is a symlink to bash on many linux systems. And as Micah pointed Tim> out, the bugs aren't all fixed yet, even if you apply the initial Tim> patch. I would point out that if you have a shell already, this vulnerability does nothing to make your new shell any more powerful. The danger lies in places where you can provide input to a shell with more privileges. DHCP servers can provide shell-processed strings apparently, typically run as root to configure a client devices network. Some cgi scripts, assuming they fire off a privileged bash, would be vulnerable. -- Russell Senior, President [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
