On 2014-09-26 09:29, Maarten de Vries wrote:
On 26 September 2014 16:25, Doug Newgard <scimmia@xxxxxxxxxxxxxx> wrote:
On 2014-09-26 09:15, lolilolicon wrote:
On Fri, Sep 26, 2014 at 9:50 PM, Doug Newgard <scimmia@xxxxxxxxxxxxxx> wrote:
The problem is on many systems /bin/sh is linked to bash -- which is why this bug is so widespread / severe. /bin/sh is "the single biggest UNIX loophole", so let's make it a bit smaller by switching it to something minimal, such as dash.
Why? Why is that the problem? What attack vector is available because of this? Give me specifics, not theoretical, non-existent examples.
Because the vulnerable systems do not call bash by name, they call /bin/sh. And they are vulnerable only because /bin/sh is linked to bash.
Wrong, they DO call bash by name. The main issues are with ssh, which uses the user's specified interactive shell, and with Apache's mod_cgi and mod_cgid, which do call bash. Again, stop providing non-existent FUD and give real-world examples of where having /bin/sh linked to something else would have mitigated this.
Some programs may call bash by name, but many will just use system() and get bash without asking for it.
From man 3 system:
The system() library function uses fork(2) to create a child process that executes the shell command specified in command using execl(3) as follows: execl("/bin/sh", "sh", "-c", command, (char *) 0);
Instead of theorizing that "many" will do this, give a real world example of where this happens and would have reduced the attack surface of the bug in question.