Re: Security Vulnerability Reporting

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Vulnerability Reporting

From:	Dan Douglas
Subject:	Re: Security Vulnerability Reporting
Date:	Fri, 26 Feb 2016 10:13:44 -0600

On Fri, Feb 26, 2016 at 10:02 AM, Eric Blake <eblake@redhat.com> wrote:
> Very few bugs in bash are security vulnerabilities (shellshock being the
> obvious exception).  Yes, bash has bugs, but in most cases, what people
> think are security bugs in bash are actually poorly-written shell
> functions that crash for the user, but which can't exploit bash to
> escalate the user's privileges.

All true. To be a genuine issue it usually has to be something that
causes a security problem in programs that utilize bash independent of
the script being run, or which exploits some common aspect of any script
that couldn't have been foreseen. The script is usually to blame.

-- 
Dan Douglas

[Prev in Thread]

Current Thread

[Next in Thread]

Security Vulnerability Reporting, Travis Garrell, 2016/02/26
- Re: Security Vulnerability Reporting, Eric Blake, 2016/02/26
  - Re: Security Vulnerability Reporting, Dan Douglas <=
    - Re: Security Vulnerability Reporting, Chet Ramey, 2016/02/26
- Re: Security Vulnerability Reporting, Dan Douglas, 2016/02/26

Prev by Date: Re: Security Vulnerability Reporting
Next by Date: Re: Security Vulnerability Reporting
Previous by thread: Re: Security Vulnerability Reporting
Next by thread: Re: Security Vulnerability Reporting
Index(es):
- Date
- Thread