| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <54248107.2010305@redbarn.org> Date: Thu, 25 Sep 2014 13:54:31 -0700 From: Paul Vixie <paul@...barn.org> To: Tim <tim-security@...tinelchicken.org> Cc: fulldisclosure@...lists.org, Evan Teitelman <teitelmanevan@...il.com> Subject: Re: [FD] Critical bash vulnerability CVE-2014-6271 > Tim <mailto:tim-security@...tinelchicken.org> > Thursday, September 25, 2014 1:06 PM > > > If you change the default shell from bash to a more sane one[1], like > dash or ash, does this attack disappear? no. the problem occurs when /bin/sh is bash, or when a network invokable script begins with the line #!/bin/bash. it has nothing to do with the user's shell. rather, it's the shell used by popen() and system() and of course (execl, execlp, execle, execv, execvp, execvpe), or, it's the explicitly called shell named at the top of the script itself. > I would assume so, but > sometimes foolish packages directly reference /bin/bash in the #! > header. (I notice some dhclient shell script hooks don't make an > explicit reference at all, while others reference /bin/sh.) some scripts really do depend on bash's extensions. the dhclient hook is particularly bad about that, since it uses the environment to pass parameters that are set by the DHCP server (or a miscreant pretending to be one). -- Paul Vixie _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists