[Python-Dev] Critical bash vulnerability CVE-2014-6271 may affect Python on *n*x and OSX

Cameron Simpson cs at zip.com.au
Sat Sep 27 00:11:57 CEST 2014


On 26Sep2014 13:16, Antoine Pitrou <solipsis at pitrou.net> wrote:
>On Fri, 26 Sep 2014 01:10:53 -0700
>Hasan Diwan <hasan.diwan at gmail.com> wrote:
>> On 26 September 2014 00:28, Matěj Cepl <mcepl at cepl.eu> wrote:
>> > Where does your faith that other /bin/sh implementations (dash,
>> > busybox, etc.) are less buggy come from?
>>
>> The fact that they are simpler, in terms of lines of code. It's no
>> guarantee, but the less a given piece of code does, the less bugs it will
>> have. -- H
>
>And that they have less "features" (which is certainly correlated to
>their simplicity). IIUC, the misimplemented feature leading to this
>vulnerability is a bash-ism.

IIRC you could export functions in ksh. Or maybe only aliases. But that implies 
most POSIX shells may support it.

I've never seen the point myself; it is not a feature I've ever needed.

Cheers,
Cameron Simpson <cs at zip.com.au>

Follow! But! Follow only if ye be men of valor, for the entrance to this cave
is guarded by a creature so foul, so cruel that no man yet has fought with it
and lived! Bones of four fifty men lie strewn about its lair.  So,
brave knights, if you do doubt your courage or your strength, come no
further, for death awaits you all with nasty big pointy teeth.
- Tim The Enchanter

