Re: Bash security issue

[Nick Bowler]

On 2014-09-25 08:55 -0600, Eric Blake wrote:
> On 09/25/2014 07:51 AM, Bob Friesenhahn wrote:
> > It may be that some users of 'autoconf' will be at risk due to the dire
> > bash security bug described at
> > "http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/";.
> > 
> > Take care that the environment is carefully vetted.
> 
> There's nothing that ./configure can do to avoid the buggy bash, but it
> may indeed be worth patching autoconf to generate configure scripts that
> issue a loud warning if the buggy shell is detected on the user's
> system.  I'll look into doing that.

The most surprising thing I learned from this whole ordeal is that
there are strings consisting entirely of printable characters that
are not portable to store in exported shell variables.

Cheers,
-- 
Nick Bowler, Elliptic Technologies (http://www.elliptictech.com/)