On 09/25/2014 09:45 AM, Shawn H Corey wrote: > On Thu, 25 Sep 2014 08:55:45 -0600 > Eric Blake <eblake@xxxxxxxxxx> wrote: > >> On 09/25/2014 07:51 AM, Bob Friesenhahn wrote: >>> It may be that some users of 'autoconf' will be at risk due to the >>> dire bash security bug described at >>> "http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/";. >>> >>> Take care that the environment is carefully vetted. >> >> There's nothing that ./configure can do to avoid the buggy bash, but >> it may indeed be worth patching autoconf to generate configure >> scripts that issue a loud warning if the buggy shell is detected on >> the user's system. I'll look into doing that. >> > > You may be premature. I think the patch will be out before Monday. If > so, your effort will be wasted. :) Huh? There is no wasted effort in teaching configure scripts to warn users that they are running on an unpatched vulnerable system. Just because a fix may be available doesn't mean everyone is running the fix. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Autoconf mailing list Autoconf@xxxxxxx https://lists.gnu.org/mailman/listinfo/autoconf
