FSF Issues Statement On Shellshock Bash Vulnerability
-
Originally posted by wagaf:
dude, seriously? ... how was the issue lied about or hidden in any way?
Bugs which affected older software for a long time are discovered on a regular basis.
The argument has been "The bugs will be found because it is open source and peer reviewed". Now you have a critical bug that goes undetected for 25 years. Kinda blows a major hole in the argument, doesn't it?
-
Originally posted by gamerk2:
If by older you mean from a week ago before the bug was disclosed, yes.
The argument has been "The bugs will be found because it is open source and peer reviewed". Now you have a critical bug that goes undetected for 25 years. Kinda blows a major hole in the argument, doesn't it?
-
Originally posted by chuckula:
All I see is a bunch of political spin about how having GPL3 somehow magically fixes Bash. Well, any other even semi-open source license would be just as effective. They also don't mention that this bug *was in Bash for 25 years* and publicly available to organizations like the NSA/Russian mob/Chinese Govt./etc. who could easily exploit it without going out of their way to be nice and tell the rest of us about the issue.
-
Originally posted by gamerk2:
If by older you mean from a week ago before the bug was disclosed, yes.
The argument has been "The bugs will be found because it is open source and peer reviewed". Now you have a critical bug that goes undetected for 25 years. Kinda blows a major hole in the argument, doesn't it?
And yeah, whatever way you look at it, it's a win for FSF. Because their software didn't even have a chance to be affected by the bug; more, they didn't even have to do the work. I can say that now even knowing they are blind in more ways than I care to tell.
-
Originally posted by Luke_Wolf:
Yeah this is my feeling on this too. To be honest this is another reason I'm seriously evaluating BSD, I want to get away from the GNU userland because it was written by an ideologue (Richard Stallman) who couldn't care less about code quality as opposed to just serving his own personal ideology which means that crap like this is going to happen all the more often vs alternative software, and you get nonsense like his breaking how su is supposed to work because he wants anyone with root password to have full rights.
-
What's with all the 'bash-ing'
So, here goes a more technical question. Would it have helped in this situation to have Bash written in a higher-level language, such as Go, Rust, or some of the 'better' alternatives to C? I have the feeling that a lot of the exploits we've seen in the past have to do with using C, which I understand for kernel development, but userland tools could probably afford something slightly slower but safer. Anyway, might not be the case for this particular exploit ...
-
Originally posted by gamerk2:
The argument has been "The bugs will be found because it is open source and peer reviewed".
-
So let me get this straight:
Developers have been feeding bash with external untested unchecked strings, while logged as root, for +20 years.
And it's bash's fault.
Yeah, right.
PS: The only vulnerable systems are those running software that directly feeds strings to bash.
Last edited by elmerovingio; 26 September 2014, 04:59 PM.