StackExchange: Unix/Linux
The question...

Should bash shells be replaced with the new patched version?
US-CERT recommends users and administrators review TA14-268A, Vulnerability Note VU#252743 and the Redhat Security Blog for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch.
A fact...

A timeline...
  • The Bash shellshock "vulnerability" has been a "feature" of Bash for 22 years. You'd think in all that time, in all those high-security environments that run Unix or Linux, someone would have worried about misuse.
  • Now, every installation of Bash in the world is about to be replaced.
  • Though Bash is open-source, few people actually take the time to study the code of such large and complex programs.
  • Bash is written in C, which supports embedded assembly-language code, which even fewer programmers have the skills to read.
  • Bash is written in C, which easily supports treating any block of binary, such as something labeled as data or a small image, as code.
  • Thus, a skilled programmer could hide "backdoor" code in plain sight, and it probably wouldn't be discovered unless it caused an error of some kind.
  • Extremely high-skilled programmers that break the law are often employed by federal agencies.

SSH keys beautifully explained

How to set up public key ssh authentication
Understanding how SSH keys work and how to properly use them has long baffled even some of the most venerable programmers.

In the physical world, a given key usually fits just one lock. We have to special order multiple locks "keyed the same" for entry doors and such. To share access to something, we give out multiple copies of these physical keys.

It's thus tempting to imagine the shared "public key" to be analogous to a physical key and the "private key" to be the lock.

Actually, it's the other way around.

Wogan explains in "How to set up public key ssh authentication" (January, 2014).

SSH public-keys and private-keys

 understanding public key private key concepts, Blake Smith, 08 Feb 2010
Still confused about SSH public and private keys?

Blake Smith's 2010 article, "understanding public key private key concepts," provides the absolute best analogy I've come across.

This brief article lays it out as simply and memorably as it gets.

What are all you people doing here?

The Pearly Gates (Wieskirche Gates)
"What are all you people doing here?" said God as he stood barring the Pearly Gates.

"Why didn't you save us?" said the multitudes before him.

God replied...

"I sent you my son so you'd learn the nobility of self sacrifice. You didn't.

"I sent you Ebola so you'd learn compassion for those you feared. You didn't.

"I sent you AIDS so you'd learn humility that such things could happen to those you loved. You didn't.

"I sent you terrorism so you'd learn that oppression by the few will always be overthrown by the many. You didn't.

"I sent you climate change so you'd learn to wisely recycle your waste lest nature do it for you... most harshly. You didn't.

"I sent you these things and many more, that your souls might be saved."

"So. Can we go in now?" a man asked.

God replied, "What do you think?"

"How extreme isolation warps the mind"

How extreme isolation warps the mind
Michael Bond, 14 May 2014,

My own theory goes something like this...

All that we perceive is the result of our imagination.

All raw sensory input is interpreted by our imagination.

If there is little or no sensory input, such as while sleeping or in extreme isolation, our imagination proceeds to rummage around through our memories for "input" to re-interpret.

This extrapolating and recombining and juxtapositioning is the process by which we solve problems and think creatively. The process by which we "imagine."

Economics 101: Something from nothing

Keynesian money multiplier effects

I've learned that my post back in January 2014 (below) was greatly inaccurate though the result is still essentially the same. -- docsalvage, June 2014
See the Wikipedia article...

Money Supply - Fractional Reserve Banking - example