Bash 2.05 Problems

J.A. Neitzel jan.listbox at belvento.org
Sun Aug 12 11:29:37 PDT 2001


On Saturday 11 August 2001 14:23, Thomas M. Beaudry wrote:
> I brought this up once before but don't remember if I got an
> answer so I'll ask again.
>
> Why doesn't LFS apply the patches to bash-2.05?  Besides the
> obviously desirable fixes to bug buddy and file descriptor
> handling, they fix a number of buffer overruns.  I don't know
> if they could be a security risk in bash but they have been
> exploited in other programs to gain root access.

Do you mean the patches available via Chet Ramey's website at CWRU ?
http://cnswww.cns.cwru.edu/~chet/bash/bashtop.html

Good question? Frankly, I don't why it's not mentioned in the book that 
one might want to get these patches and apply them. Personally, I always 
check for updated info at his website and apply these patches after 
checking why they were released. Some of them are geared toward platform 
specific problems (Solaris, AIX, etc.)... Still I apply em all.

ftp://ftp.cwru.edu/pub/bash/bash-2.05-patches

Currently, there are 6 patches.
Plus a new y.tab.c & y.tab.h ...
-- 
Cheers,
Jeff
Linux locutus 2.4.7 #1 Thu Aug 2 00:00:17 EST 2001 i686
-- 
Unsubscribe: send email to lfs-security-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message



More information about the lfs-security mailing list