nanog mailing list archives

Re: update

From: Jim Popovitch <jimpop () gmail com>
Date: Wed, 24 Sep 2014 18:27:03 -0400

On Wed, Sep 24, 2014 at 6:17 PM, Brandon Whaley <redkrieg () gmail com> wrote:

The scope of the issue isn't limited to SSH, that's just a popular
example people are using.  Any program calling bash could potentially
be vulnerable.


Agreed.  My point was that bash is not all that popular on
debian/ubuntu for accounts that would be running public facing
services that would be processing user defined input (www-data,
cgi-bin, list, irc, lp, mail, etc).  Sure some non-privileged user
could host their own cgi script on >:1024, but that's not really a
critical "stop the presses!!" upgrade issue, imho.

-Jim P.

Current thread:

Re: update, (continued)
- Re: update Jared Mauch (Sep 24)
- Re: update Spencer Gaw (Sep 24)
  - Re: update Randy Bush (Sep 24)
    - Re: update Spencer Gaw (Sep 24)
    - Re: update Randy Bush (Sep 24)
    - Re: update Hugo Slabbert (Sep 24)
    - Re: update JoeSox (Sep 25)
    - Re: update Joly MacFie (Sep 25)
- Re: update Jim Popovitch (Sep 24)
  - Re: update Brandon Whaley (Sep 24)
    - Re: update Jim Popovitch (Sep 24)
    - Re: update Michael Thomas (Sep 24)
    - Re: update Jim Popovitch (Sep 24)
    - Re: update Alain Hebert (Sep 24)
    - Re: update Valdis . Kletnieks (Sep 24)
    - Re: update Jim Popovitch (Sep 24)
    - Re: update Daniel Jackson (Sep 24)
    - Re: update Chris Adams (Sep 24)
    - Re: update Jimmy Hess (Sep 24)
    - Re: update William Herrin (Sep 24)
    - Re: update Jim Popovitch (Sep 24)

(Thread continues...)