[mythtv-users] Shellshock discussion
Hika van den Hoven
hikavdh at gmail.com
Fri Sep 26 17:20:15 UTC 2014
Hoi Gary,
Friday, September 26, 2014, 7:04:43 PM, you wrote:
> On Fri, Sep 26, 2014 at 4:50 PM, Hika van den Hoven <hikavdh at gmail.com> wrote:
> ....
>> You at least have to log off all existing shells for it to take full
>> effect.
> No, you do not. Not for this one. Just looking
> at the patch will tell you that, or, if you wish,
> read the more reputable reports. Here is one
> from a major enterprise linux vendor:
> https://access.redhat.com/articles/1200223
> (read towards the bottom where it says "Do I need
> to reboot services". The only exception to the
> reboot is if you are already compromised, in which
> case you may actually need to re-install, depending
> on how the exploit persistantized itself).
> Note that I assert you have (likely) actually proved my
> point. You have (likely) already expended more effort
> than just applying the patch on almost all distributions
> (if you compile the entire gnu userland from source,
> I accept it may take a bit longer to complete).
> _______________________________________________
Actually I emerged (and thus compiled) the patch on both servers I
maintain. That doesn't mean I will not further investigate! Like
reading that some webservers might be afflicted.
Also before applying anything to a server, you have to know if there
are any potential problems to arise. You might not be able to reboot
for instance without affecting users.
Tot mails,
Hika mailto:hikavdh at gmail.com
"Zonder hoop kun je niet leven
Zonder leven is er geen hoop
Het eeuwige dilemma
Zeker als je hoop moet vernietigen om te kunnen overleven!"
De lerende Mens
More information about the mythtv-users
mailing list