bash security hole
steve at rileyz.net
Sun Sep 28 02:26:14 UTC 2014
On 2014-09-27 08:55:01 Scott DuBois <sdubois at linux.com> wrote:
> Thanks Steve, but isn't dash public facing through the servers while
> bash is not (at least by default anyway).
> _from another mailing list_:
> "If I understand correctly, the general path to execution is any external
> calls to bash explicitly, or to /bin/sh in any fashion, most notably via
> the system(3) syscall. Amirite? So, first point, /bin/sh doesn't need
> to be bash. On Debian/*buntu systems by default, it's been dash
> (Debian Almquist shell, a variant of the lightweight Bourne-compatible
> Almquist shell 'ash') for many years, because dash is smaller, faster, and
> -- ta da! -- less feature-bloated hence less likely to be involved in
> security problems."
Not exactly sure what you may mean by "public facing." The author of a script can specify whatever shell he/she wishes for executing any script. You'll see this in the first line. For instance, scripts that begin with

    #!/bin/bash

will use Bash to execute. Scripts that begin with

    #!/bin/sh

will use sh. On Debian/Ubuntu, /bin/sh is a symbolic link to /bin/dash. The #! notation is called a "shebang"; read more at https://en.wikipedia.org/wiki/Shebang_(Unix).
Bash is the default login shell for Debian and Ubuntu. It's also used by quite a number of scripts in the system. You can check this for yourself:

    user@host:~$ grep -R '#!/bin/bash' /bin /sbin /usr/bin /usr/sbin
Notably, /sbin/dhclient-script is the one that seems to allow malicious DNS servers to attack a target machine.
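
An added example, not part of the original message: the grep above matches only the literal string #!/bin/bash, so this POSIX shell script resolves each script's shebang instead (through env and through a /bin/sh symlink) and lists the files whose interpreter really is Bash. The function names resolve_shebang and bash_scripts are hypothetical, and the script assumes head -c and readlink -f are available.

```shell
#!/bin/sh
# Added example (not from the thread): list scripts that end up running Bash.

# resolve_shebang FILE: print the real path of the interpreter on FILE's
# "#!" line, following env(1) and symlinks; print nothing if there is none.
resolve_shebang() {
    line=$(head -c 256 "$1" 2>/dev/null | tr -d '\000' | head -n 1)
    case $line in
        '#!'*) line=${line#'#!'} ;;
        *) return 0 ;;
    esac
    set -f            # no globbing while the line is split into words
    set -- $line
    set +f
    [ $# -gt 0 ] || return 0
    interp=$1
    if [ "${interp##*/}" = env ]; then
        shift
        while [ $# -gt 0 ]; do   # skip env options and VAR=value words
            case $1 in -*|*=*) shift ;; *) break ;; esac
        done
        [ $# -gt 0 ] || return 0
        interp=$(command -v "$1") || return 0
    fi
    readlink -f "$interp" 2>/dev/null || return 0
}

# bash_scripts DIR...: print each regular file under the directories whose
# interpreter resolves to a binary named "bash" (so /bin/sh counts when it
# is a symlink to bash, and does not when it points at dash).
bash_scripts() {
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        target=$(resolve_shebang "$f")
        if [ "${target##*/}" = bash ]; then printf '%s\n' "$f"; fi
    done
}

# Scan the directories given on the command line, if any.
if [ $# -gt 0 ]; then bash_scripts "$@"; fi
```

Saved to a file, it takes the same directories as the grep: /bin /sbin /usr/bin /usr/sbin.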