HackerTrans
TopNewTrendsCommentsPastAskShowJobs

3v1n0

no profile record

Submissions

Shellshock – Learning from Disaster

dwheeler.com
1 points·by 3v1n0·hace 9 meses·0 comments

comments

3v1n0
·hace 7 meses·discuss
Try to maintain the whole matrix or possibilities then you tell me...
3v1n0
·hace 2 años·discuss
You also need to have sshd enabled to use PAM and your sshd pam stack should include pam_selinux. Then it will be dynamically loaded only when sshd starts a PAM session.
3v1n0
·hace 2 años·discuss
IIRC sshd loads libpam only if specifically configured for it. So while it's not wrong, it's also a more edge case for the backdoor to work.
3v1n0
·hace 2 años·discuss
Also the attacker included in the 5.6.0 release the support for the long-awaited multi-threading decompression (and - broken - sandbox) making it very attractive to upgrade to...

It was probably a tactic to give a reason to upgrade. It's not always a fault for those who did or tried to do.
3v1n0
·hace 3 años·discuss
Don't worry, it happened the same also to someone else: https://www.thegeographicalcure.com/post/underpants-in-the-s...
3v1n0
·hace 5 años·discuss
Ok great to hear that this is the case!

Reading the README was a bit unclear on this topic.

I also know that engineers do their best, while their employers may not always care about proper behavior when it comes to contribute back to FLOSS
3v1n0
·hace 5 años·discuss
Yeah but also... “If you want to upstream it, take it” it's not really something where ehi forked is working hard to send it back upstream patch by patch...