[OT Security PSA] Shellshock: Update your bash, now!

Nick Sabalausky via Digitalmars-d-announce digitalmars-d-announce at puremagic.com
Wed Oct 1 13:26:48 PDT 2014


On 10/01/2014 03:19 PM, Brad Roberts via Digitalmars-d-announce wrote:
> On 10/1/2014 6:41 AM, JN via Digitalmars-d-announce wrote:
>> On Wednesday, 1 October 2014 at 05:09:45 UTC, Nick Sabalausky wrote:
>>>
>>> Other OSes/distros are likely equally easy. Please, reply with
>>> examples to help ensure other people on the same OS/distro as you have
>>> no excuse not to update!
>>
>> I find it ironic that it's another "big global" security hole about
>> which Windows users don't even have to be concerned about.
>
> False.
>
> All of my windows boxes needed to be updated.  One of the first things I
> do on any new windows box is install cygwin to get a saner development
> environment with bash as my shell.
>

Yea. I've been very tempted to put bash on my Win desktops as well. 
Heck, I may even have some old installation of msys/mingw bash still 
lying around somewhere.

> I wouldn't be shocked at all if other windows apps bundle bash for one
> reason or another too.  It might not come as part of the base install
> (though given the huge pile of stuff that gets installed, I wouldn't put
> huge bets on it not lurking off in a dark corner somewhere), but that's
> not the end of the story.

Yup, Git comes to mind. (Or at least Git GUI?) Don't know whether that 
actually exposes any attack vectors, but I guess that's kinda the big 
question everyone's trying to find out, isn't it? "What are all the 
possible attack vectors of this flaw?" Some of them have been 
discovered, but who knows what else there may be.



More information about the Digitalmars-d-announce mailing list