On Fri, Sep 26, 2014 at 6:28 PM, James Hogarth <james.hoga...@gmail.com> wrote:
> On 26 Sep 2014 05:46, "Cliff Pratt" <enkiduonthe...@gmail.com> wrote: > > > > Take the case of an Apache Bash CGI. This will have been loaded when > Apache > > started, so Apache will have to be restarted to get the new one. There > may > > be other similar cases. So the best thing is to reboot. > > > > This is false and a major misunderstanding of the vulnerability. > > 1) the vulnerability is just during initialisation of bash. Once it is > running it is beyond the vulnerable stage and needs no restarting > 2) in a CGI of #!/bin/bash or for a system call with any other language for > CGI bash gets executed on demand... It does not do what you say... > You are 100% correct, sir. Sorry about the noise...... Cheers, Cliff _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
