nanog mailing list archives

Re: update

From: Valdis.Kletnieks () vt edu
Date: Wed, 24 Sep 2014 19:00:39 -0400

On Wed, 24 Sep 2014 18:50:05 -0400, Jim Popovitch said:

If someone is already invoking #!/bin/bash from a cgi, then they are
already doing it wrong (bash has massive bloat/overhead for a CGI script).


You sure you don't have *any* cgi's that do something like
system("mail -s 'cgi program xxyz hit fatal error' webadmin@localhost");
because all it takes is finding a way to force the fatal error while you
send a crafted User-Agent: header....

As Jim Popovitch said, bash usage is incredibly pervasive....

Attachment: _bin
Description:

Current thread:

Re: update, (continued)
- - - Re: update Randy Bush (Sep 24)
    - Re: update Hugo Slabbert (Sep 24)
    - Re: update JoeSox (Sep 25)
    - Re: update Joly MacFie (Sep 25)
- Re: update Jim Popovitch (Sep 24)
  - Re: update Brandon Whaley (Sep 24)
    - Re: update Jim Popovitch (Sep 24)
    - Re: update Michael Thomas (Sep 24)
    - Re: update Jim Popovitch (Sep 24)
    - Re: update Alain Hebert (Sep 24)
    - Re: update Valdis . Kletnieks (Sep 24)
    - Re: update Jim Popovitch (Sep 24)
    - Re: update Daniel Jackson (Sep 24)
    - Re: update Chris Adams (Sep 24)
    - Re: update Jimmy Hess (Sep 24)
    - Re: update William Herrin (Sep 24)
    - Re: update Jim Popovitch (Sep 24)
    - Re: update William Herrin (Sep 24)
    - Re: update Jim Popovitch (Sep 24)
    - Re: update William Herrin (Sep 24)
    - Re: update Jim Popovitch (Sep 24)

(Thread continues...)