Re: OT - Bash Vulnerability

2014-09-27 Thread Tomasz Rola
On Fri, Sep 26, 2014 at 03:27:06PM -0500, Paul Gilmartin wrote: [...] This is Bobby Tables all over again: http://xkcd.com/327/ It relies on a bash extension which, however useful, violates POSIX by restricting the value space of environment variables. The Wikipedia example, slightly

Re: OT - Bash Vulnerability

2014-09-26 Thread Scott Ford
] On Behalf Of Paul Gilmartin Sent: Thursday, September 25, 2014 5:06 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: OT - Bash Vulnerability On Thu, 25 Sep 2014 16:47:29 -0700, Charles Mills wrote: While we're being OT here, can anyone explain this to me in practical terms? Sally has a basic

Re: OT - Bash Vulnerability

2014-09-26 Thread Tomasz Rola
On Thu, Sep 25, 2014 at 05:15:13PM -0700, Charles Mills wrote: Thanks. I'm reading http://en.wikipedia.org/wiki/Shellshock_(software_bug) and I sort of get it. I guess the worry is that the effects are so unknown. There is a very nice description by Michal Zalewski, here:

Re: OT - Bash Vulnerability

2014-09-26 Thread Tomasz Rola
On Fri, Sep 26, 2014 at 08:19:39PM +0200, Tomasz Rola wrote: [...] process, by using declare -F. = (627 1): declare -F Ooops, should be declare -f. Sorry. declare -f fingerics declare -f insertblade declare -f prjstart declare -f setcvs declare -f subshell declare -F dumped me

Re: OT - Bash Vulnerability

2014-09-26 Thread Paul Gilmartin
On Fri, 26 Sep 2014 20:19:39 +0200, Tomasz Rola wrote: On Thu, Sep 25, 2014 at 05:15:13PM -0700, Charles Mills wrote: Thanks. I'm reading http://en.wikipedia.org/wiki/Shellshock_(software_bug) and I sort of get it. I guess the worry is that the effects are so unknown. There is a very nice

OT - Bash Vulnerability

2014-09-25 Thread Lizette Koehler
I just saw this. Might be old news to some, but new to me. http://tinyurl.com/k5xevos In Heartbleed's wake, Bash flaw puts Linux, Mac OS users at risk by Brandan Blevins, News Writer Researchers say a 20-year-old vulnerability uncovered in the Bash shell, found in Unix-based operating

Re: OT - Bash Vulnerability

2014-09-25 Thread John McKown
Fairly new, as in just today. There are patches for SUSE and Redhat Linux on z. I have applied the equivalent on my RedHat Fedora 20 on Intel. I need to patch the BASH port on the CBTtape, but that is a future (hopefully near future) event. On Thu, Sep 25, 2014 at 10:44 AM, Lizette Koehler

Re: OT - Bash Vulnerability

2014-09-25 Thread John Gilmore
It appeared several days ago in this week's US-CERT new-vulnerabilities summary. Subscriptions to this summary are free, and those who have security responsibilities should certainly be email subscribers. If you wait to read about such problems you risk being without answers to management

Re: OT - Bash Vulnerability

2014-09-25 Thread Paul Gilmartin
On Thu, 25 Sep 2014 12:18:53 -0400, John Gilmore wrote: It appeared several days ago in this week's US-CERT new-vulnerabilities summary. Subscriptions to this summary are free, and those who have security responsibilities should certainly be email subscribers. If you wait to read about such

Re: OT - Bash Vulnerability

2014-09-25 Thread John Gilmore
Substantive concern about exploits is minimal in many z/OS shops; concern about looking bad to management is not. I chose what I judged would be the more persuasive argument for keeping oneself informed. John Gilmore, Ashland, MA 01721 - USA

Re: OT - Bash Vulnerability

2014-09-25 Thread Charles Mills
taste you could reply privately. Thanks, Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of John McKown Sent: Thursday, September 25, 2014 8:59 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: OT - Bash Vulnerability Fairly new

Re: OT - Bash Vulnerability

2014-09-25 Thread Paul Gilmartin
On Thu, 25 Sep 2014 16:47:29 -0700, Charles Mills wrote: While we're being OT here, can anyone explain this to me in practical terms? Sally has a basic everyday Mac running unpatched OS X. It is connected to the Internet for Web browsing and e-mail, but she does not operate a Web server.

Re: OT - Bash Vulnerability

2014-09-25 Thread Charles Mills
-2014-7169. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin Sent: Thursday, September 25, 2014 5:06 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: OT - Bash Vulnerability On Thu, 25 Sep 2014 16:47:29 -0700, Charles