Logan made a little presentation titled “Shellshock: Survival guide” at the University of Mauritius (UoM).
Logan said that he was suggesting a patch that would consist of disabling certain “features” of Bash. According to Google and other people, it would break the internet as the patch would not be backwards compatible.
Personally, I feel a perfect patch would do the following 2 things:
1. Fix the shell shock bug
2. Not break existing applications
From the presentation, it seemed to me that the shell shock problem could be fixed by just fixing the parser or maybe, in the future, by using a drop-in replacement parser.
Logan then mentioned that the parser is linked to a network interface, which complicated things. He suggested that the parser should be separated from the network interface, thus breaking lots of existing applications, which does not fall into the category of a perfect patch.
There were not enough demos of vulnerabilities in the presentation except the shell shock test which everyone is posting on the internet:
$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
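A defender-side check built around the test string above, as an added example that is not from this post or from Logan's presentation: it scans `env`-style output for values that begin with `() {`, the form Bash reads as a function definition, and separates those that carry text after the closing brace. The function names, the sample environment and the "ends with `}`" heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Classify one environment value: prints "plain", "function" or "function+trailing".
classify_value() {
    case "$1" in
        '() {'*)
            # Heuristic (assumption): a value that is only a function
            # definition ends with '}'; anything else has trailing text.
            case "$1" in
                *'}') echo "function" ;;
                *)    echo "function+trailing" ;;
            esac ;;
        *) echo "plain" ;;
    esac
}

# Read NAME=value lines (as printed by `env`) on stdin and print
# "NAME<TAB>class" for every value that is not plain.
scan_env() {
    while IFS= read -r line; do
        case "$line" in
            *=*) ;;            # looks like NAME=value
            *) continue ;;     # continuation of a multi-line value: skip
        esac
        name=${line%%=*}
        value=${line#*=}
        class=$(classify_value "$value")
        [ "$class" = "plain" ] || printf '%s\t%s\n' "$name" "$class"
    done
}

# Constructed sample environment; the x= line is the value from the test above.
sample_env() {
cat <<'EOF'
PATH=/usr/bin:/bin
x=() { :;}; echo vulnerable
greet=() { echo hi; }
HTTP_USER_AGENT=Mozilla/5.0
EOF
}

sample_env | scan_env
```

To check a live process environment instead of the sample, pipe `env` into `scan_env`.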
Logan was suggesting to use his hardened Bash patch inside Linux containers (LXC, Docker) so that you can make only your application compliant to the hardened Bash rather than making your whole operating system compliant.
Anyways, due to lack of information on the subject, I can't really decide whether Bash can ever be “fixed” or not.