On 2014-09-25 08:55 -0600, Eric Blake wrote: > On 09/25/2014 07:51 AM, Bob Friesenhahn wrote: > > It may be that some users of 'autoconf' will be at risk due to the dire > > bash security bug described at > > "http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/";. > > > > Take care that the environment is carefully vetted. > > There's nothing that ./configure can do to avoid the buggy bash, but it > may indeed be worth patching autoconf to generate configure scripts that > issue a loud warning if the buggy shell is detected on the user's > system. I'll look into doing that. The most surprising thing I learned from this whole ordeal is that there are strings consisting entirely of printable characters that are not portable to store in exported shell variables. Cheers, -- Nick Bowler, Elliptic Technologies (http://www.elliptictech.com/) _______________________________________________ Autoconf mailing list Autoconf@xxxxxxx https://lists.gnu.org/mailman/listinfo/autoconf
