nanog mailing list archives
Re: update
From: Jim Popovitch <jimpop () gmail com>
Date: Wed, 24 Sep 2014 18:27:03 -0400
On Wed, Sep 24, 2014 at 6:17 PM, Brandon Whaley <redkrieg () gmail com> wrote:
The scope of the issue isn't limited to SSH, that's just a popular example people are using. Any program calling bash could potentially be vulnerable.
Agreed. My point was that bash is not all that popular on debian/ubuntu for accounts that would be running public facing services that would be processing user defined input (www-data, cgi-bin, list, irc, lp, mail, etc). Sure some non-privileged user could host their own cgi script on >:1024, but that's not really a critical "stop the presses!!" upgrade issue, imho. -Jim P.
Current thread:
- Re: update, (continued)
- Re: update Jared Mauch (Sep 24)
- Re: update Spencer Gaw (Sep 24)
- Re: update Randy Bush (Sep 24)
- Re: update Spencer Gaw (Sep 24)
- Re: update Randy Bush (Sep 24)
- Re: update Hugo Slabbert (Sep 24)
- Re: update JoeSox (Sep 25)
- Re: update Joly MacFie (Sep 25)
- Re: update Randy Bush (Sep 24)
- Re: update Brandon Whaley (Sep 24)
- Re: update Jim Popovitch (Sep 24)
- Re: update Michael Thomas (Sep 24)
- Re: update Jim Popovitch (Sep 24)
- Re: update Alain Hebert (Sep 24)
- Re: update Valdis . Kletnieks (Sep 24)
- Re: update Jim Popovitch (Sep 24)
- Re: update Daniel Jackson (Sep 24)
- Re: update Chris Adams (Sep 24)
- Re: update Jimmy Hess (Sep 24)
- Re: update William Herrin (Sep 24)
- Re: update Jim Popovitch (Sep 24)