Gary Gendel <g...@genashor.com> writes: > I believe we mostly skirt the issue because, unlike Linux, the default > shell (/bin/sh) is ksh93 not bash. This means that under normal > conditions we shouldn't have an issue. Only if your cgi scripts > actually request bash will apache be a problem. As for ssh, it > depends upon the login shell for the user.
So, do you mean that ksh93 does not have the vulnerability? _______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss