On Sunday, 16.10.2022 at 03:56 -0400, Philip McGrath wrote:
> I don't think I understand this. Does it mean that, in the following,
> I am running a Bash that wouldn't have security bugs fixed? If so,
> that seems quite bad!

You would, but note that in order to exploit this, you would have to exploit glibc – which can be grafted and could also be built against a fixed bash. That is, we'd first have to define bash-static-fixed and then glibc-fixed whose bash-static input is replaced with bash-static-fixed. Note that this makes sense for a single package, but obviously doesn't scale well.

Cheers