[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX

Antoine Pitrou solipsis at pitrou.net
Fri Sep 26 13:16:05 CEST 2014

On Fri, 26 Sep 2014 01:10:53 -0700
Hasan Diwan <hasan.diwan at gmail.com> wrote:
> Matěj,
> On 26 September 2014 00:28, Matěj Cepl <mcepl at cepl.eu> wrote:
> > Where does your faith that other /bin/sh implementations (dash,
> > busybox, etc.) are less buggy comes from?
> The fact that they are simpler, in terms of lines of code. It's no
> guarantee, but the less a given piece of code does, the less bugs it will
> have. -- H

And that they have less "features" (which is certainly correlated to
their simplicity). IIUC, the misimplemented feature leading to this
vulnerability is a bash-ism.



More information about the Python-Dev mailing list