[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on nx and OSX (original) (raw)
Cameron Simpson cs at zip.com.au
Sat Sep 27 00:11:57 CEST 2014
- Previous message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
- Next message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 26Sep2014 13:16, Antoine Pitrou <solipsis at pitrou.net> wrote:
On Fri, 26 Sep 2014 01:10:53 -0700 Hasan Diwan <hasan.diwan at gmail.com> wrote:
On 26 September 2014 00:28, Matěj Cepl <mcepl at cepl.eu> wrote: > Where does your faith that other /bin/sh implementations (dash, > busybox, etc.) are less buggy comes from?
The fact that they are simpler, in terms of lines of code. It's no guarantee, but the less a given piece of code does, the less bugs it will have. -- H And that they have less "features" (which is certainly correlated to their simplicity). IIUC, the misimplemented feature leading to this vulnerability is a bash-ism.
IIRC you could export functions in ksh. Or maybe only aliases. But that implies most POSIX shells may support it.
I've never seen the point myself; it is not a feature I've ever needed.
Cheers, Cameron Simpson <cs at zip.com.au>
Follow! But! Follow only if ye be men of valor, for the entrance to this cave is guarded by a creature so foul, so cruel that no man yet has fought with it and lived! Bones of four fifty men lie strewn about its lair. So, brave knights, if you do doubt your courage or your strength, come no further, for death awaits you all with nasty big pointy teeth.
- Tim The Enchanter
- Previous message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
- Next message: [Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]