bug-gawk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gawk] Question regarding security of gawk CGI scripts

From: Aharon Robbins
Subject: Re: [bug-gawk] Question regarding security of gawk CGI scripts
Date: Fri, 21 Nov 2014 08:42:17 +0200
User-agent: Heirloom mailx 12.5 6/20/10 
Hi.

> Date: Fri, 21 Nov 2014 07:16:04 +1000
> From: Miriam English <address@hidden>
> CC: address@hidden
> Subject: Re: [bug-gawk] Question regarding security of gawk CGI scripts
>
> I'm not an expert in this so I could easily be wrong, but I'd got the 
> impression that this security flaw was a result of a vulnerability in 
> bash. The patches for bash v4.3 that fix this are up at:
> https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
> all 30 of them!, so I guess v4.4 will be released in the near future.
>
> I thought Apache used bash to run programs, though as I say, I'm no 
> expert so I may well be wrong. I'd been told that systems using a 
> different shell (csh, ksh, zsh, ash, etc) remained safe.

Assaf Gordon posted a nice description of what the issue is; it is
totally unrelated to the Bash problem.

Thanks,

Arnold
reply via email to
[Prev in Thread] Current Thread [Next in Thread]