Well, as much as the shell is a separate class of execution environment,
it seems the trouble is mostly with strict AppArmor profile writing.
Metacharacter vulnerabilities would allow the execution of other tools
that do allow networking (nc, perl, python, awk). The only kind of
attack that would be exclusively solved would be when "$(`" are
filtered, but not "<>". This seems like too small an attack surface to
justifying a delta from Debian, much less a delta from every other
distribution.
** Changed in: bash (Ubuntu Karmic)
Status: Confirmed => Won't Fix
** Changed in: bash (Ubuntu Maverick)
Status: Confirmed => Won't Fix
** Changed in: bash (Ubuntu Lucid)
Status: Confirmed => Won't Fix
** Changed in: bash (Ubuntu Natty)
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/712662
Title:
network redirection has been enabled
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
