On Fri, Sep 26, 2014 at 1:49 PM, Joe Morris <[email protected]> wrote:
> The versions of zsh I have available are all vulnerable as well as Korn > Shell > on NetBSD (can't remember if that's the real thing or a clone) > Er? zsh here is not vulnerable, although it has its own kinds of issues. Then again, zsh doesn't really want you to be using it for core system stuff or anything security related --- they know full well it has a lot of stuff that has never been tested for security --- whereas bash encourages that kind of use. True ksh is also not vulnerable (it has, or had, a limited form of "function exporting" but did not use the environment). -- brandon s allbery kf8nh sine nomine associates [email protected] [email protected] unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
