[Cialug] Shellshock Bash Remote Code Execution Vulnerability
Zachary Kotlarek
zach at kotlarek.com
Thu Sep 25 14:32:57 CDT 2014
On Sep 25, 2014, at 11:50 AM, Scott Yates <Scott at yatesframe.com> wrote:
> That seems like an excellent reason to NOT just stuff unknown data into
> system level environment variables EVAR!
I’m unclear on what you’d have mod_cgi do differently that would still allow it to easily interface with arbitrary CLI programs.
Or are you just saying “don’t use mod_cgi”?
Zach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2749 bytes
Desc: not available
URL: <http://cialug.org/pipermail/cialug/attachments/20140925/4c6f8452/attachment.bin>
More information about the Cialug
mailing list