Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Feb 2015 09:30:29 +0000
From: John Haxby <john.haxby@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: wordexp(3)

On 10/02/15 17:57, Rich Felker wrote:
> Obviously implementations using /bin/sh were
> vulnerable to shellshock on systems where /bin/sh is bash.

I must admit, that was my first thought.

Closely followed by wondering whether this gives an interesting new
vector in spite of the BASH_FUNC_...() wrapper.

jch

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ