Diffstat (limited to 'UPDATING')
-rw-r--r-- | UPDATING | 9 |
1 files changed, 5 insertions, 4 deletions
@@ -10,10 +10,11 @@ you update your ports collection, before attempting any port upgrades. AUTHOR: bdrewery@FreeBSD.org Bash supports a feature of exporting functions in the environment with - export -f. Running bash with exported functioned in the environment will - then import those functions into the environment. This resulted in - security issues CVE-2014-6271 and CVE-2014-7169, commonly known as - "shellshock". + export -f. Running bash with exported functions in the environment will + then import those functions into the environment of the script being ran. + This resulted in security issues CVE-2014-6271 and CVE-2014-7169, commonly + known as "shellshock". It also can result in poorly written scripts being + tricked into running arbitrary commands. To fully mitigate against this sort of attack we have applied a non-upstream patch to disable this functionality by default. You can execute bash |
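Review bot: The added line "then import those functions into the environment of the script being ran" has a grammar slip: "being ran" should be "being run". The next added sentence reads more naturally as "It can also result in poorly written scripts being tricked into running arbitrary commands." That sentence also leaves "poorly written" undefined. UPDATING entries are read by admins deciding whether they are affected, so consider adding a short clause saying what makes a script susceptible to imported functions, so readers can judge whether re-enabling the feature is safe for them.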