From: Eduardo A. Bustamante López
Newsgroups: gnu.bash.bug
Subject: Re: Integer Overflow in braces
Date: Thu, 20 Aug 2015 22:00:56 -0500
To: Chet Ramey
Cc: Dan Douglas, bug-bash@gnu.org, Greg Wooledge, Pasha K

Just FYI, if this were really a critical security issue, this is not how
you should disclose it:

https://www.reddit.com/r/netsec/comments/3h997d/bash_integer_overflow/

You have to first contact the maintainer in private, make sure the issue
is acknowledged, fixed, and that the fix is available to most Bash users
*before* disclosing anything. This just strikes me as a way to make
yourself publicity.

If you really want to help to fix Bash, instead of just complaining
about some odd looking comments, provide patches...

-- 
Eduardo Bustamante
https://dualbus.me/