oss-sec mailing list archives

Re: Healing the bash fork

From: "Kobrin, Eric" <ekobrin () akamai com>
Date: Tue, 30 Sep 2014 08:41:24 -0500

"innocuous looking setuid program" made my day ;)

We should take care not to blame all and everything to bash.


I don't find that blame is a useful tool for fixing security problems. What's more interesting to me is: what system 
components are in a position to help. If a change in bash can make a bunch of "innocuous looking setuid programs" not 
be  vectors for the import of malicious functions, let's do it.

Current thread:

Re: Healing the bash fork Mark R Bannister (Sep 30)
- <Possible follow-ups>
- Re: Healing the bash fork Sven Kieske (Sep 30)
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- Re: Healing the bash fork Sebastian Krahmer (Sep 30)
  - Re: Healing the bash fork Kobrin, Eric (Sep 30)
    - Re: Healing the bash fork Sebastian Krahmer (Sep 30)
    - Re: Healing the bash fork John Haxby (Sep 30)
    - Re: Healing the bash fork Ed Prevost (Sep 30)
    - Re: Healing the bash fork Rich Felker (Sep 30)
- Re: Healing the bash fork Michal Zalewski (Sep 30)
  - Re: Healing the bash fork Simon McVittie (Sep 30)
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- Re: Healing the bash fork Tavis Ormandy (Sep 30)
  - Re: Healing the bash fork Ed Prevost (Sep 30)
    - Re: Healing the bash fork Zach Wikholm (Sep 30)

(Thread continues...)