Revision 369345

Author: bdrewery
Date: Fri Sep 26 21:10:26 2014 UTC (9 years, 9 months ago)
Changed paths: 4
Log Message:
MFH: r369341

Disable function importing from the environment by default.  This can be
enabled by using --import-functions or enabling the IMPORTFUNCTIONS option.

This removes the risk of further parser bugs leading to code execution, as
well as the risk to setuid scripts and poorly written applications that
do not cleanse their environment [1][2].

Also note that there is an unofficial 4.3.26 floating around that has not yet
been officially released.  r369261 covers the change in 4.3.26.

See also:
  http://seclists.org/oss-sec/2014/q3/747 [1]
  http://seclists.org/oss-sec/2014/q3/746 [2]
  http://seclists.org/oss-sec/2014/q3/755 [3]

Obtained from:	NetBSD (based on) [3]
PR:		193932
Reviewed by:	Eric Vangyzen
With hat:	portmgr


Changed paths

Path                                                           Details
branches/2014Q3/                                               modified, props changed
branches/2014Q3/UPDATING                                       modified, text changed
branches/2014Q3/shells/bash/Makefile                           modified, text changed
branches/2014Q3/shells/bash/files/extrapatch-import-functions  added (copied from head/shells/bash/files/extrapatch-import-functions, r369341)
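
Added example, not part of this commit or of the bash port: one way a program that launches shell scripts can cleanse its environment, the case the log message refers to. The function names, the allow-list and the sample variables are assumptions constructed for illustration; it drops both values in the legacy `() {` form and names with the `BASH_FUNC_` prefix that later upstream bash uses for exported functions.

```python
import subprocess
import sys

# Value prefix that pre-fix bash parsed as an exported function definition.
LEGACY_VALUE_PREFIX = "() {"
# Name prefix later upstream bash uses for exported functions (BASH_FUNC_name%%).
FUNC_NAME_PREFIX = "BASH_FUNC_"
# Hypothetical allow-list: the only variables the child process is given.
ALLOWED = ("PATH", "HOME", "LANG", "TERM", "USER")


def is_function_export(name, value):
    """Return True if bash could import this variable as a function.

    Leading whitespace in the value is ignored so that the check errs on
    the side of dropping a variable.
    """
    return (name.startswith(FUNC_NAME_PREFIX)
            or value.lstrip().startswith(LEGACY_VALUE_PREFIX))


def scrub_environment(env, allowed=ALLOWED):
    """Split env into (clean, dropped).

    clean keeps allow-listed variables that are not function-shaped;
    dropped is the sorted list of every other variable name.
    """
    clean, dropped = {}, []
    for name, value in env.items():
        if name in allowed and not is_function_export(name, value):
            clean[name] = value
        else:
            dropped.append(name)
    return clean, sorted(dropped)


def run_script(argv, env):
    """Run argv with only the scrubbed environment, never the inherited one."""
    clean, dropped = scrub_environment(env)
    result = subprocess.run(argv, env=clean, capture_output=True,
                            text=True, check=False)
    return result, dropped


if __name__ == "__main__":
    # Constructed sample environment, as a CGI-style caller might receive it.
    sample = {"PATH": "/usr/bin:/bin", "HOME": "/home/www",
              "TERM": "() { :; }", "HTTP_USER_AGENT": "curl/8.0"}
    child = [sys.executable, "-c", "import os; print(sorted(os.environ))"]
    result, dropped = run_script(child, sample)
    print("dropped:", dropped)
    print("child saw:", result.stdout.strip())
```

An allow-list is used rather than a deny-list so that a variable in a form this check does not recognise still never reaches the shell.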