[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] =?UTF-8?Q?St=C3=A9phane=20Chazelas:=20How=20*DID*=20you=20find=20Shellshock=3F?=
From:       "David A. Wheeler" <dwheeler () dwheeler ! com>
Date:       2014-10-08 14:26:21
Message-ID: E1XbsC5-0000nw-Rz () rmm6prod02 ! runbox ! com
[Download RAW message or body]

This is a question for St=C3=A9phane Chazelas, but I'm "cc"ing oss-security=
 because I think many of us want to know the answer.

St=C3=A9phane: How *DID* you find Shellshock, in as much detail as you can =
recall?

I'm told you found the bug after "reflecting on an earlier bug" you found i=
n bash "a few months earlier." (http://www.smh.com.au/it-pro/security-it/st=
ephane-chazelas-the-man-who-found-the-webs-most-dangerous-internet-security=
-bug-20140927-10mixr.html)

What I'm hoping is that we can learn some lessons and re-apply them elsewhe=
re.

--- David A. Wheeler

[prev in list] [next in list] [prev in thread] [next in thread]