Re: bash exorcism experiment ('bug' 762923 & 763012)

To: debian-devel@lists.debian.org
Subject: Re: bash exorcism experiment ('bug' 762923 & 763012)
From: Russ Allbery <rra@debian.org>
Date: Thu, 02 Oct 2014 08:33:17 -0700
Message-id: <[🔎] 87fvf6xz9e.fsf@hope.eyrie.org>
In-reply-to: <[🔎] CAH_OBicuTg4fNi0Zr2X=4Qg12-AdF5nH=cSy8=4BRv7Uj2Ng1w@mail.gmail.com> (shawn wilson's message of "Thu, 2 Oct 2014 10:06:50 -0400")
References: <20140927153218.GB1755@nl.grid.coop> <20140927163017.GA7300@grep.be> <20140927181845.GA2816@gaara.hadrons.org> <20140927184257.GA26444@x230-buxy.home.ouaza.com> <20140928021144.GE1755@nl.grid.coop> <20140928083350.GA4738@riva.ucam.org> <1411893590.6958.92.camel@russell-laptop.pc.brisbane.lube> <alpine.DEB.2.11.1409301305070.20674@tglase.lan.tarent.de> <1412120586.5591.14.camel@russell-laptop.pc.brisbane.lube> <[🔎] CAH_OBicuTg4fNi0Zr2X=4Qg12-AdF5nH=cSy8=4BRv7Uj2Ng1w@mail.gmail.com>

shawn wilson <ag4ve.us@gmail.com> writes:

> I hate the idea of dash. It's not more secure (see vmware cve for an
> example) and I think it was more of an accident than anything else this
> didn't hit dash too.

The fact that this specific problem didn't hit dash certainly isn't an
accident.  The exploited functionality simply doesn't exist in dash.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: bash exorcism experiment ('bug' 762923 & 763012)
  - From: shawn wilson <ag4ve.us@gmail.com>

References:
- Re: bash exorcism experiment ('bug' 762923 & 763012)
  - From: shawn wilson <ag4ve.us@gmail.com>

Prev by Date: Re: bash exorcism experiment ('bug' 762923 & 763012)
Next by Date: Re: bash exorcism experiment ('bug' 762923 & 763012)
Previous by thread: Re: bash exorcism experiment ('bug' 762923 & 763012)
Next by thread: Re: bash exorcism experiment ('bug' 762923 & 763012)
Index(es):
- Date
- Thread