[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-gawk] Question regarding security of gawk CGI scripts
|
From: |
Miriam English |
|
Subject: |
Re: [bug-gawk] Question regarding security of gawk CGI scripts |
|
Date: |
Fri, 21 Nov 2014 07:16:04 +1000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20120604 Firefox/13.0 SeaMonkey/2.10 |
I'm not an expert in this so I could easily be wrong, but I'd got the
impression that this security flaw was a result of a vulnerability in
bash. The patches for bash v4.3 that fix this are up at:
https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
all 30 of them!, so I guess v4.4 will be released in the near future.
I thought Apache used bash to run programs, though as I say, I'm no
expert so I may well be wrong. I'd been told that systems using a
different shell (csh, ksh, zsh, ash, etc) remained safe.
--
If you don't have any failures then you're not trying hard enough.
- Dr. Charles Elachi, director of NASA's Jet Propulsion Laboratory
-----
Website: http://miriam-english.org
Blogs: http://miriam-e.dreamwidth.org
http://miriam-e.livejournal.com