[Cialug] Shellshock Bash Remote Code Execution Vulnerability
L. V. Lammert
lvl at omnitec.net
Thu Sep 25 16:10:40 CDT 2014
I agree that the bash vulnerability is serious, .. but there seem to be
some mitigatng factors that are not being observed in all the excitement:
1) Most modern web code uses a language with it's own environment (Rails,
PHP, ..). As such, the web page itself has no access to the enviornment.
We have not supported a cgi application in probably six or seven years!
2) We NEVER used bash for a cgi application, even when we did - sh was
always the best tool. KISS.
So, it sounds like most of the scare related to bad programming practices?
Not that they aren't important either, but nobody mentions reality!
Lee
More information about the Cialug
mailing list