Re: Critical update for bash released today.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Fri, Sep 26, 2014 at 6:28 PM, James Hogarth <james.hogarth@xxxxxxxxx>
wrote:

> On 26 Sep 2014 05:46, "Cliff Pratt" <enkiduonthenet@xxxxxxxxx> wrote:
> >
> > Take the case of an Apache Bash CGI. This will have been loaded when
> Apache
> > started, so Apache will have to be restarted to get the new one. There
> may
> > be other similar cases. So the best thing is to reboot.
> >
>
> This is false and a major misunderstanding of the vulnerability.
>
> 1) the vulnerability is just during initialisation of bash. Once it is
> running it is beyond the vulnerable stage and needs no restarting
> 2) in a CGI of #!/bin/bash or for a system call with any other language for
> CGI bash gets executed on demand... It does not do what you say...
>

You are 100% correct, sir. Sorry about the noise......

Cheers,

Cliff
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux