[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-gawk] Question regarding security of gawk CGI scripts
From: |
Aharon Robbins |
Subject: |
Re: [bug-gawk] Question regarding security of gawk CGI scripts |
Date: |
Fri, 21 Nov 2014 08:42:17 +0200 |
User-agent: |
Heirloom mailx 12.5 6/20/10 |
Hi.
> Date: Fri, 21 Nov 2014 07:16:04 +1000
> From: Miriam English <address@hidden>
> CC: address@hidden
> Subject: Re: [bug-gawk] Question regarding security of gawk CGI scripts
>
> I'm not an expert in this so I could easily be wrong, but I'd got the
> impression that this security flaw was a result of a vulnerability in
> bash. The patches for bash v4.3 that fix this are up at:
> https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
> all 30 of them!, so I guess v4.4 will be released in the near future.
>
> I thought Apache used bash to run programs, though as I say, I'm no
> expert so I may well be wrong. I'd been told that systems using a
> different shell (csh, ksh, zsh, ash, etc) remained safe.
Assaf Gordon posted a nice description of what the issue is; it is
totally unrelated to the Bash problem.
Thanks,
Arnold