On Fri, Sep 26, 2014 at 3:26 PM, Paul Graydon <[email protected]> wrote:
> Sure.. my point is more that a number of programs on your machine might be > calling bash without you realising it, and that this exploit doesn't > necessarily require someone to already have access to your laptop, which > was the assertion I was responding to. The passing unsanitized stuff via envars thing is not *that* common. If anything, I've found most developers don't understand the environment very well at all and won't use it beyond well known / "canned" stuff like getting $SHELL. -- brandon s allbery kf8nh sine nomine associates [email protected] [email protected] unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
