oss-sec mailing list archives

Re: Healing the bash fork


From: Ed Prevost <me () edwardprevost info>
Date: Tue, 30 Sep 2014 08:27:24 -0700

On 9/30/2014 6:41 AM, Kobrin, Eric wrote:
"innocuous looking setuid program" made my day ;)
We should take care not to blame all and everything to bash.
I don't find that blame is a useful tool for fixing security problems. What's more interesting to me is: what system
components are in a position to help. If a change in bash can make a bunch of "innocuous looking setuid programs" not
be vectors for the import of malicious functions, let's do it.

+1 and I swear I'm not some groupie fan-boy paid by Eric.

