oss-sec mailing list archives

Re: CVE-2014-6271: remote code execution through bash


From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 25 Sep 2014 22:11:48 +0530

On 09/25/2014 09:49 PM, Solar Designer wrote:

> I agree.  I only suggested it as an interim measure if you felt that a
> more invasive change was not acceptable yet.
>
> I think Florian's prefix-suffix patch is actually a better way to go
> (right now, unless there's some drawback I am not yet aware of), and at
> a later time function imports should require to be enabled with a
> non-default option.


I agree with Alexander here, and strongly suggest that we should be using Florian's prefix-suffix patch.


--
Huzaifa Sidhpurwala / Red Hat Product Security Team

