Re: What 'sh' should 'system' use?

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What 'sh' should 'system' use?

From:	Liliana Marie Prikler
Subject:	Re: What 'sh' should 'system' use?
Date:	Sun, 16 Oct 2022 10:23:02 +0200
User-agent:	Evolution 3.46.0

Am Sonntag, dem 16.10.2022 um 03:56 -0400 schrieb Philip McGrath:
> I don't think I understand this. Does it mean that, in the following,
> I am running a Bash that wouldn't have security bugs fixed? If so,
> that seems quite bad!
You would, but note that in order to exploit this, you would have to
exploit glibc – which can be grafted and could also be built against a
fixed bash.  That is, we'd first have to define bash-static-fixed and
then glibc-fixed whose bash-static input is replaced with bash-static-
fixed.  Note that this makes sense for a single package, but obviously
doesn't scale well.

Cheers

[Prev in Thread]

Current Thread

[Next in Thread]

Re: What 'sh' should 'system' use?, Ludovic Courtès, 2022/10/01
- Re: What 'sh' should 'system' use?, Philip McGrath, 2022/10/15
  - Re: What 'sh' should 'system' use?, Liliana Marie Prikler, 2022/10/16
    - Re: What 'sh' should 'system' use?, Philip McGrath, 2022/10/16
    - Re: What 'sh' should 'system' use?, Liliana Marie Prikler <=
  - Re: What 'sh' should 'system' use?, Ludovic Courtès, 2022/10/19

Prev by Date: Re: What 'sh' should 'system' use?
Next by Date: GNU Mes 0.24.1 released
Previous by thread: Re: What 'sh' should 'system' use?
Next by thread: Re: What 'sh' should 'system' use?
Index(es):
- Date
- Thread