>>>>> "Russell" == Russell Senior <[email protected]> writes:
>>>>> "Tim" == Tim <[email protected]> writes: Tim> This vulnerability in bash is particularly nasty because even if Tim> you only ever call /bin/sh in a script or via system(3), popen(3) Tim> and friends, then you are likely still vulnerable because /bin/sh Tim> is a symlink to bash on many linux systems. And as Micah pointed Tim> out, the bugs aren't all fixed yet, even if you apply the initial Tim> patch. Russell> I would point out that if you have a shell already, this Russell> vulnerability does nothing to make your new shell any more Russell> powerful. The danger lies in places where you can provide Russell> input to a shell with more privileges. DHCP servers can Russell> provide shell-processed strings apparently, typically run as Russell> root to configure a client devices network. Some cgi Russell> scripts, assuming they fire off a privileged bash, would be Russell> vulnerable. See: https://en.wikipedia.org/wiki/Shellshock_%28software_bug%29 for some exploitation scenarios. -- Russell Senior, President [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
