[Mailman-Users] Shellshock status
Mark Sapiro
mark at msapiro.net
Tue Oct 7 04:29:16 CEST 2014
On 10/06/2014 08:24 AM, argybard at openmailbox.org wrote:
>
> Has there been an official word as to whether Mailman has been affected
> by the recent bash bugs, aka shellshock
>
> Mailman is listed here https://github.com/mubix/shellshocker-pocs and I
> wonder what developers think?
Mailman's CGIs (Mailman 2.1.x at least) do not invoke bash or any shell.
The CGI wrappers use the C execve function to call python directly to
run python scripts.
The Web UI in Mailman 3 is totally different and uses Django.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list