[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Vulnerability Reporting

From: Dan Douglas
Subject: Re: Security Vulnerability Reporting
Date: Fri, 26 Feb 2016 10:13:44 -0600

On Fri, Feb 26, 2016 at 10:02 AM, Eric Blake <address@hidden> wrote:
> Very few bugs in bash are security vulnerabilities (shellshock being the
> obvious exception).  Yes, bash has bugs, but in most cases, what people
> think are security bugs in bash are actually poorly-written shell
> functions that crash for the user, but which can't exploit bash to
> escalate the user's privileges.

All true. To be a genuine issue it usually has to be something that
causes a security problem in programs that utilize bash independent of
the script being run, or which exploits some common aspect of any script
that couldn't have been foreseen. The script is usually to blame.

Dan Douglas

reply via email to

[Prev in Thread] Current Thread [Next in Thread]