bash security hole
Steve Riley
steve at rileyz.net
Sun Sep 28 02:26:14 UTC 2014
On 2014-09-27 08:55:01 Scott DuBois <sdubois at linux.com> wrote:
>
> Thanks Steve, but isn't dash public facing through the servers while
> bash is not (at least by default anyway).
>
> _from another mailing list_:
>
> "If I understand correctly, the general path to execution is any external
> calls to bash explicitly, or to /bin/sh in any fashion, most notably via
> the system(3) syscall. Amirite? So, first point, /bin/sh doesn't need
> to be bash. On Debian[1]/*buntu[2] systems by default, it's been dash
> (Debian Almquist shell, a variant of the lightweight Bourne-compatible
> Almquist shell 'ash') for many years, because dash is smaller, faster, and
> -- ta da! -- less feature-bloated hence less likely to be involved in
> security problems."
Not exactly sure what you may mean by "public facing." The author of a script can specify whatever shell he/she wishes for executing any script. You'll see this in the first line. For instance, scripts that begin with
#!/bin/bash
Will use Bash to execute. Scripts that begin with
#!/bin/sh
Will use sh. On Debian/Ubuntu, /bin/sh is a symbolic link to /bin/dash. The #! notation is called a "shebang"; read more at https://en.wikipedia.org/wiki/Shebang_(Unix).
Bash is the default login shell for Debian and Ubuntu. It's also used by quite a number of scripts in the system. You check this for yourself:
user at host:~$ grep -R '#!/bin/bash' /bin /sbin /usr/bin /usr/sbin
Notably, /sbin/dhclient-script is the one that seems to allow malicious DNS servers to attack a target machine.
...Steve
More information about the kubuntu-users
mailing list