Hi, all, My mother just sent me this, bless her heart:
http://www.wired.com/2014/09/internet-braces-crazy-shellshock-worm/ Management summary: CGI scripts which use bash (as opposed to /bin/sh, with the caveat that /bin/sh is an alias for bash on some systems) might _potentially_ be affected. Some of this article is downright FUD[1], some of it is not _necessarily_ FUD. i pass it on primarily because all my CGI Fossil repos (currently) use /bin/bash instead of /bin/sh (will be resolved momentarily). [1] = PHP does _not_ use bash to run scripts in any environment i've ever seen in 15 years of admin'ing PHP-using servers. (PHP has whole books' worth of other security problems, though, unrelated to this article. ;) -- ----- stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal "Freedom is sloppy. But since tyranny's the only guaranteed byproduct of those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
