Bash 2.05 Problems

Gerard Beekmans gerard at linuxfromscratch.org
Wed Aug 15 18:09:14 PDT 2001


On Sat, Aug 11, 2001 at 03:23:19PM -0400, Thomas M. Beaudry wrote:
> I brought this up once before but don't remember if I got an
> answer so I'll ask again.
> 
> Why doesn't LFS apply the patches to bash-2.05?  Besides the
> obviously desirable fixes to bug buddy and file descriptor
> handling, they fix a number of buffer overruns.  I don't know
> if they could be a security risk in bash but they have been
> exploited in other programs to gain root access.

I'd like to gather locations for all patches for all packages in the LFS
book and mention them. So far I haven't collected anything (too busy
myself, no 'formal' submissions have been made to bugzilla either).

It'll be taken care of, after the 3.0 release. Too much work finding all
patches, applying them, testing them, etc, etc for the 3.0 release.


-- 
Gerard Beekmans
www.linuxfromscratch.org

-*- If Linux doesn't have the solution, you have the wrong problem -*-
-- 
Unsubscribe: send email to lfs-security-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message



More information about the lfs-security mailing list