27 Sep
2014
27 Sep
'14
1:27 a.m.
On Fri, Sep 26, 2014 at 6:28 PM, James Hogarth james.hogarth@gmail.com wrote:
On 26 Sep 2014 05:46, "Cliff Pratt" enkiduonthenet@gmail.com wrote:
Take the case of an Apache Bash CGI. This will have been loaded when
Apache
started, so Apache will have to be restarted to get the new one. There
may
be other similar cases. So the best thing is to reboot.
This is false and a major misunderstanding of the vulnerability.
- the vulnerability is just during initialisation of bash. Once it is
running it is beyond the vulnerable stage and needs no restarting 2) in a CGI of #!/bin/bash or for a system call with any other language for CGI bash gets executed on demand... It does not do what you say...
You are 100% correct, sir. Sorry about the noise......
Cheers,
Cliff