[kwlug-disc] Vulnerability in bash
Hubert Chathi
hubert at uhoreg.ca
Thu Sep 25 18:05:39 EDT 2014
On Thu, 25 Sep 2014 17:46:23 -0400, Khalid Baheyeldin <kb at 2bits.com> said:
> Correct.
> Except that many (including me, and many in the PHP CMS universe)
> choose not to run mod_php because of its memory footprint, and opt for
> FastCGI, with PHP running as PHP-FPM, and either Apache threaded
> frontending it or nginx.
AFAIK, FastCGI, scgi, etc. shouldn't be vulnerable either, because bash
isn't involved at all. Unless, of course, your PHP (or whatever) script
decides to run a shell script using bash.
More information about the kwlug-disc
mailing list