Announcement

Collapse
No announcement yet.

FSF Issues Statement On Shellshock Bash Vulnerability

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • FSF Issues Statement On Shellshock Bash Vulnerability

    Phoronix: FSF Issues Statement On Shellshock Bash Vulnerability

    The Free Software Foundation has issued their response to this week's news of the "Shellshock" bug that affects Bash...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Political spin on a bad issue

    All I see is a bunch of political spin about how having GPL3 somehow magically fixes Bash. Well, any other even semi-open source license would be just as effective. They also don't mention that this bug *was in Bash for 25 years* and publicly available to organizations like the NSA/Russian mob/Chinese Govt./etc. who could easily exploit it without going out of their way to be nice and tell the rest of us about the issue.

    Comment


    • #3
      Originally posted by chuckula View Post
      All I see is a bunch of political spin about how having GPL3 somehow magically fixes Bash. Well, any other even semi-open source license would be just as effective. They also don't mention that this bug *was in Bash for 25 years* and publicly available to organizations like the NSA/Russian mob/Chinese Govt./etc. who could easily exploit it without going out of their way to be nice and tell the rest of us about the issue.
      Yeah, just shows that you dont have to join evil big companies to lie about and hide issues.

      Comment


      • #4
        Originally posted by discordian View Post
        Yeah, just shows that you dont have to join evil big companies to lie about and hide issues.
        dude, seriously ? ... how was the issue lied about or hidden in any way ?

        Bugs which affected older software for a long time are discovered on a regular basis.

        Comment


        • #5
          Since the CPUs and other hw have built-in backdoors, Shellshock isn't that big of an issue.

          Comment


          • #6
            Originally posted by mark45 View Post
            Since the CPUs and other hw have built-in backdoors, Shellshock isn't that big of an issue.
            Got proof?

            Comment


            • #7
              Still, EVERYONE UPDATE

              Still, everyone MUST abandon all tasks and update bash HERE AND NOW.

              This bug allows to pwn you when you just receive IP from DHCP server (and most of times it will be ROOT SHELL!). This bug allows to pwn many servers running CGI scripts. System administrators should ditch all other tasks and install updated version right now. This bug far worse than it could look at first glance. There're countless attack vectors.

              Comment


              • #8
                Sometimes I feel like the consequences of these bugs get blown a bit out of proportion.

                I am reading of people who are terrified that their routers and home security cameras are susceptible to attack and such because "they run Linux". But there are only a few vectors in which the attack is possible and these are limited to certain scenarios that most people's home computing devices aren't going to even have.

                Comment


                • #9
                  Originally posted by System25 View Post
                  Still, everyone MUST abandon all tasks and update bash HERE AND NOW.

                  This bug allows to pwn you when you just receive IP from DHCP server (and most of times it will be ROOT SHELL!). This bug allows to pwn many servers running CGI scripts. System administrators should ditch all other tasks and install updated version right now. This bug far worse than it could look at first glance. There're countless attack vectors.
                  I have an unpatched version of Ubuntu running Apache on my system right now. How can I break into my system?

                  Comment


                  • #10
                    Originally posted by System25 View Post
                    Still, everyone MUST abandon all tasks and update bash HERE AND NOW.

                    This bug allows to pwn you when you just receive IP from DHCP server (and most of times it will be ROOT SHELL!). This bug allows to pwn many servers running CGI scripts. System administrators should ditch all other tasks and install updated version right now. This bug far worse than it could look at first glance. There're countless attack vectors.
                    Panicking ain't helpful either, what would help the most is awareness. Seneral statement that you are gonna get owned if you connect to public wifi is false.
                    Sysadmins should indeed be aware of the problem and know wheather it affects them or not, but random users shouldn't be panicking.

                    And if we gonna bash GNU (pun intended), for something like 6 years there was an error in Windows XP print spooler (that runs in default winxp) that allowed to pwn machine remotely with ease and it took MS quite a while to acknowledge/fix the problem.

                    Comment

                    Working...
                    X