Dear Experts, I was wondering if it could be a good workaround to link /bin/sh to tcsh instead of bash. I'm not using bash at all but probably something in the system is so do you know some contraindication on a system with apache and SVN servers? Thanks Walter On Wed, 24 Sep 2014, Patrick O'Callaghan wrote:
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/ From the article: The vulnerability affects versions 1.14 through 4.3 of GNU Bash. [...] To check your system, from a command line, type: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If the system is vulnerable, the output will be: vulnerable this is a test An unaffected (or patched) system will output: $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test I tried it and got the positive (vulnerable) result. Can we assume a patched version of Bash will be released shortly? poc
-- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org