Bash 2.05 Problems
jan.listbox at belvento.org
Sun Aug 12 11:29:37 PDT 2001
On Saturday 11 August 2001 14:23, Thomas M. Beaudry wrote:
> I brought this up once before but don't remember if I got an
> answer so I'll ask again.
> Why doesn't LFS apply the patches to bash-2.05? Besides the
> obviously desirable fixes to bug buddy and file descriptor
> handling, they fix a number of buffer overruns. I don't know
> if they could be a security risk in bash but they have been
> exploited in other programs to gain root access.
Do you mean the patches available via Chet Ramey's website at CWRU ?
Good question? Frankly, I don't why it's not mentioned in the book that
one might want to get these patches and apply them. Personally, I always
check for updated info at his website and apply these patches after
checking why they were released. Some of them are geared toward platform
specific problems (Solaris, AIX, etc.)... Still I apply em all.
Currently, there are 6 patches.
Plus a new y.tab.c & y.tab.h ...
Linux locutus 2.4.7 #1 Thu Aug 2 00:00:17 EST 2001 i686
Unsubscribe: send email to lfs-security-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message
More information about the lfs-security