On Fri, Sep 26, 2014 at 1:49 PM, Joe Morris <jol...@panix.com> wrote:
> The versions of zsh I have available are all vulnerable as well as Korn > Shell > on NetBSD (can't remember if that's the real thing or a clone) > Er? zsh here is not vulnerable, although it has its own kinds of issues. Then again, zsh doesn't really want you to be using it for core system stuff or anything security related --- they know full well it has a lot of stuff that has never been tested for security --- whereas bash encourages that kind of use. True ksh is also not vulnerable (it has, or had, a limited form of "function exporting" but did not use the environment). -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
