On Fri, Sep 26, 2014 at 10:34 PM, Doug Newgard <scimmia@xxxxxxxxxxxxxx> wrote:
>> Some programs may call bash by name, but many will just use system() and
>> get bash without asking for it.
>>
>> From man 3 system:
>>
>> The system() library function uses fork(2) to create a child process that
>>>
>>> executes the shell command specified in command using execl(3) as
>>> follows: execl("/bin/sh", "sh", "-c", command, (char *) 0);
>>>
>
> Instead of theorizing that "many" will do this, give a real world example of
> where this happens and would have reduced the attack surface of the bug in
> question.

I don't need to see a man jump into a volcano to know it would burn.

Anyway, as I stated in an earlier mail, this is not specifically about
this bash bug, although it's a good motivation. We shouldn't fixate on
it. Drake Wilson put very well the rationale in his first mail. I
couldn't have said it better.
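
The system() behaviour quoted from the man page above, as an added example that is not part of the original mail: the /bin/sh started by system() inherits the caller's whole environment, while a child started with execve() and an explicit envp does not. DEMO_VAR, run_direct and the /usr/bin/env path are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] directly (no /bin/sh) with only the environment in envp.
 * The child's stdout is captured into out. Returns exit status, or -1. */
int run_direct(char *const argv[], char *const envp[], char *out, size_t outlen)
{
    int fds[2];
    if (outlen == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execve(argv[0], argv, envp);      /* no shell, no inherited environ */
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    size_t used = 0; ssize_t n;
    while (used < outlen - 1 && (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Returns 1 if the shell started by system() inherits DEMO_VAR (constructed). */
int shell_inherits_env(void)
{
    setenv("DEMO_VAR", "constructed-value", 1);
    int status = system("test \"$DEMO_VAR\" = constructed-value");
    return status != -1 && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Returns 1 if a directly exec'd child given a fixed envp sees DEMO_VAR. */
int direct_child_sees_env(void)
{
    char *const argv[] = { "/usr/bin/env", NULL };     /* assumed path */
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    char out[4096];
    setenv("DEMO_VAR", "constructed-value", 1);
    if (run_direct(argv, envp, out, sizeof out) != 0) return -1;
    return strstr(out, "DEMO_VAR=") != NULL;
}
```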