/[ports]
ViewVC logotype

Revision 369341

Jump to revision: Previous Next
Author: bdrewery
Date: Fri Sep 26 20:33:23 2014 UTC (9 years, 2 months ago)
Changed paths: 3
Log Message: 
Disable function importing from the environment by default.  This can be
enabled by using --import-functions or enabling the IMPORTFUNCTIONS option.

This removes the risk of further parser bugs leading to code execution, as
well as the risk to setuid scripts and poorly written applications that
do not cleanse their environment [1][2].

Also note that there is an unofficial 4.3.26 floating around that has not yet
been officially released.  r369261 covers the change in 4.3.26.

See also:
  http://seclists.org/oss-sec/2014/q3/747 [1]
  http://seclists.org/oss-sec/2014/q3/746 [2]
  http://seclists.org/oss-sec/2014/q3/755 [3]

Obtained from:	NetBSD (based on) [3]
PR:		193932
Reviewed by:	Eric Vangyzen
With hat:	portmgr

Changed paths

Path Details
Directoryhead/UPDATING modified , text changed
Directoryhead/shells/bash/Makefile modified , text changed
Directoryhead/shells/bash/files/extrapatch-import-functions added
  ViewVC Help
Powered by ViewVC 1.1.27