Reword bash entry a bit

Bryan Drewery 2014-09-26 21:42:21 +00:00
parent 92e9f2e7d5
commit 01a73adbed
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=369349

@ -10,10 +10,11 @@ you update your ports collection, before attempting any port upgrades.
AUTHOR: bdrewery@FreeBSD.org
Bash supports a feature of exporting functions in the environment with
export -f. Running bash with exported functioned in the environment will
then import those functions into the environment. This resulted in
security issues CVE-2014-6271 and CVE-2014-7169, commonly known as
"shellshock".
export -f. Running bash with exported functions in the environment will
then import those functions into the environment of the script being ran.
This resulted in security issues CVE-2014-6271 and CVE-2014-7169, commonly
known as "shellshock". It also can result in poorly written scripts being
tricked into running arbitrary commands.
To fully mitigate against this sort of attack we have applied a non-upstream
patch to disable this functionality by default. You can execute bash
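Review bot: The reworded sentence "import those functions into the environment of the script being ran" should read "being run", and the new closing sentence about "poorly written scripts being tricked into running arbitrary commands" does not tell an administrator what makes a script poorly written in this sense. Consider naming the condition, for example that an imported function can take the place of a command the script calls by bare name, so readers can tell whether their own scripts are affected. The next paragraph opens with "this sort of attack", which now has two possible referents (the two CVEs and the script issue); saying which one the non-upstream patch addresses, or that it addresses both, would remove the ambiguity.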