Originally posted by DaveB
View Post
-
I would never expose BASH to the internet, it's not designed for it. Use a proper server side programming language. If people have been using it on routers etc then it's their fault. -
We in the AIX community eschewed bash before it even got a hold and as such you won't find bash on any AIX box except if some balloon who can't use vi as a command line editor installed the admittedly IBM-packaged fileset...Comment
-
Don't jump to conclusions.Originally posted by Unix View PostIf only people used Windows, it never had any security issues......
There are commercial alternatives to Windows.Behold the warranty -- the bold print giveth and the fine print taketh away.Comment
-
OS X started out with tcsh as the default shell. Dunno why they changed it to bash.Originally posted by stek View PostBehold the warranty -- the bold print giveth and the fine print taketh away.Comment
-
Did I say it hadn't?Originally posted by Unix View PostIf only people used Windows, it never had any security issues......
No need to get personal about it. Everything I posted was true. Just because everyone else uses some software doesn't mean you can inherently trust it. If there is a major issue in a piece of commercial software then the company who wrote it is responsible for it. When stuff like this happens you are dependant either on one guy who is a volunteer or on unrelated third parties to step in and ensure it gets fixed. You have no control and no recourse if it causes you any damage."Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.Comment
-
The issue isn't with edge kit. It's running on web facing servers that legitimately have the capacity for their web environment using CGI or SSH etc to pass commands to BASH for execution. The problem is not that BASH is directly executable from the web, it's that it can be passed malicious commands via the front end exploiting legitimate functionality.Originally posted by Unix View Post"Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.Comment
-
I would explain how completely you have failed to understand the issue, but you are clearly so enamoured of the uninformed certainty that springs from your profound ignorance that you wouldn't pay any attention.Originally posted by Unix View PostComment
-
Because Red Hat, Ubuntu, and the myriad other companies who are providing fixes for this are all either one guy volunteering, or unrelated third parties. No, hang on, Red Hat has a market capitalisation of over $10 billion on the NYSE, Ubuntu shows annual revenues of $300 million… I wonder how they manage that, given that open source software isn't commercial?Originally posted by DaveB View Post
Comment
-
-
Which is fine, and a good thing. But what about all those folks who grab the latest binaries or source code from the repository and deploy it themselves. They are the ones relying on the one volunteer or the third parties to fix the problem. Even the companies who build home routers and (allegedly in some cases) know how to write networking code are relying on running it on top of a BASH shell that they may well have grabbed for free from Github because it was there, it worked, and it didn't need any messy or expensive licensing.Originally posted by NickFitz View PostBecause Red Hat, Ubuntu, and the myriad other companies who are providing fixes for this are all either one guy volunteering, or unrelated third parties. No, hang on, Red Hat has a market capitalisation of over $10 billion on the NYSE, Ubuntu shows annual revenues of $300 million… I wonder how they manage that, given that open source software isn't commercial?"Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.Comment
Comment