On 09/25/2014 11:21 AM, Nick Bowler wrote:
> On 2014-09-25 08:55 -0600, Eric Blake wrote:
>> On 09/25/2014 07:51 AM, Bob Friesenhahn wrote:
>>> It may be that some users of 'autoconf' will be at risk due to the dire
>>> bash security bug described at
>>> "http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/".
>>>
>>> Take care that the environment is carefully vetted.
>>
>> There's nothing that ./configure can do to avoid the buggy bash, but it
>> may indeed be worth patching autoconf to generate configure scripts that
>> issue a loud warning if the buggy shell is detected on the user's
>> system. I'll look into doing that.
>
> The most surprising thing I learned from this whole ordeal is that
> there are strings consisting entirely of printable characters that
> are not portable to store in exported shell variables.

And _that's_ what I want changed, by proposing that bash use 'f()=...'
rather than 'f=() {...' as the magic it uses for exporting functions
from parent to child.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
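One way to vet an environment for the 'f=() {...' marker discussed in this thread, as an added example that is not part of the original messages or of autoconf. The function names and the sample block are hypothetical and constructed for illustration; the input is assumed to be a NUL-delimited NAME=VALUE block.

```shell
#!/bin/sh
# Added example, not code from the thread. Names are hypothetical.

# function_like_vars: read a NUL-delimited NAME=VALUE block on stdin (the
# layout of /proc/PID/environ on Linux) and print the name of every variable
# whose value begins with "() {", the marker quoted in the message above.
# Returns 0 when nothing is flagged and 1 otherwise.
function_like_vars() {
    # Values may contain newlines, so flatten those to spaces first and
    # then turn each NUL terminator into the line separator.
    tr '\n\000' ' \n' | {
        found=0
        while IFS= read -r entry; do
            case $entry in
                *=*) ;;            # well-formed NAME=VALUE
                *) continue ;;     # no '=': not a variable entry
            esac
            name=${entry%%=*}
            value=${entry#*=}
            case $value in
                '() {'*)
                    printf '%s\n' "$name"
                    found=1
                    ;;
            esac
        done
        [ "$found" -eq 0 ]
    }
}

# sample_block: constructed environment block for demonstration only.
sample_block() {
    printf 'PATH=/usr/bin:/bin\000'
    printf 'NOTE=call f() { } later\000'       # marker not at the start
    printf 'f=() { echo hi; }\000'             # function-style value
    printf 'MULTI=() {\n echo x\n}\000'        # same, with embedded newlines
    printf 'EMPTY=\000'
}

# Typical use on Linux: function_like_vars < /proc/self/environ
```

Reading the raw block rather than the shell's own variable list matters here, because a shell that imports such values as functions no longer shows them as ordinary variables.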
_______________________________________________
Autoconf mailing list
Autoconf@xxxxxxx
https://lists.gnu.org/mailman/listinfo/autoconf