[clug] Security talk and the bash 'shellshock' vulnerability

Paul Wayper paulway at mabula.net
Fri Sep 26 06:41:39 MDT 2014

Hash: SHA1

Hi all,

Last night we had (what I thought was) a really good discussion of computer
security.  We roamed from the general observations about whether it is
indeed possible to prevent anything from being attacked, to the specific
question of ways to be secure when using your computer (in short: use Linux,
keep anything you use to access the internet up to date, and be sceptical).
 I also discovered that the new top box on my motorbike can fit seven pizzas
and three garlic breads :-)

We also talked about the fortuitously timed[1] bash 'shellshock'
vulnerability.  It's a complex beast, since it's difficult to exploit but
some of the things that can be exploited are exactly the kind of
internet-facing web service that are already under attack.  My own
understanding is that unless you're running a web server on your home
machine, then you're really not likely to get attacked with this any time soon.

But, as it came up in conversation at work today, and because I know Bob
will be asking "What about SELinux" :-), I thought I'd mention Dan Walsh's
excellent review of what SELinux can and cannot prevent in this attack:


Have fun,

Version: GnuPG v1


More information about the linux mailing list