On Fri, Feb 26, 2016 at 10:02 AM, Eric Blake <ebl...@redhat.com> wrote: > Very few bugs in bash are security vulnerabilities (shellshock being the > obvious exception). Yes, bash has bugs, but in most cases, what people > think are security bugs in bash are actually poorly-written shell > functions that crash for the user, but which can't exploit bash to > escalate the user's privileges.
All true. To be a genuine issue it usually has to be something that causes a security problem in programs that utilize bash independent of the script being run, or which exploits some common aspect of any script that couldn't have been foreseen. The script is usually to blame. -- Dan Douglas
