bash security hole

Steve Riley steve at
Sun Sep 28 02:26:14 UTC 2014

On 2014-09-27 08:55:01 Scott DuBois <sdubois at> wrote:
> Thanks Steve, but isn't dash public facing through the servers while
> bash is not (at least by default anyway).
> _from another mailing list_:
> "If I understand correctly, the general path to execution is any external
> calls to bash explicitly, or to /bin/sh in any fashion, most notably via
> the system(3) syscall.  Amirite?  So, first point, /bin/sh doesn't need
> to be bash.  On Debian[1]/*buntu[2] systems by default, it's been dash
> (Debian Almquist shell, a variant of the lightweight Bourne-compatible
> Almquist shell 'ash') for many years, because dash is smaller, faster, and
> -- ta da!  -- less feature-bloated hence less likely to be involved in
> security problems."

Not exactly sure what you may mean by "public facing." The author of a script can specify whatever shell he/she wishes for executing any script. You'll see this in the first line. For instance, scripts that begin with

    #!/bin/bash

will use Bash to execute. Scripts that begin with

    #!/bin/sh

will use sh. On Debian/Ubuntu, /bin/sh is a symbolic link to /bin/dash. The #! notation is called a "shebang"; read more at

Bash is the default login shell for Debian and Ubuntu. It's also used by quite a number of scripts in the system. You can check this for yourself:

user at host:~$ grep -R '#!/bin/bash' /bin /sbin /usr/bin /usr/sbin

Notably, /sbin/dhclient-script is the one that seems to allow malicious DNS servers to attack a target machine.
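The grep above only finds scripts whose first line is literally "#!/bin/bash"; it misses "#!/usr/bin/env bash" and, on a system where /bin/sh is bash rather than dash, every "#!/bin/sh" script too. The following audit helper is an added example, not code from this thread; it assumes a POSIX sh with readlink -f, and the sample scripts it checks are constructed inline.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): classify scripts by the
# shell their shebang actually resolves to, treating "#!/bin/sh" as bash
# whenever /bin/sh itself points at bash. Sample tree below is constructed.

# Resolve the real shell behind /bin/sh (dash on Debian/Ubuntu).
sh_target() {
  readlink -f /bin/sh 2>/dev/null || echo /bin/sh
}

# Print "bash", "sh" or "other" for the shebang of file $1, given that
# /bin/sh resolves to path $2 (only its basename matters).
shebang_shell() {
  line=$(head -n 1 "$1")
  case "$line" in
    '#!'*/bash|'#!'*/bash' '*|'#!'*'env bash'|'#!'*'env bash '*) echo bash ;;
    '#!'*/sh|'#!'*/sh' '*|'#!'*'env sh'|'#!'*'env sh '*)
      case "$(basename "$2")" in
        bash) echo bash ;;   # sh is bash here, so the script runs under bash
        *)    echo sh ;;
      esac ;;
    *) echo other ;;
  esac
}

# Count regular files directly under $1 whose shebang resolves to bash.
count_bash_scripts() {
  n=0
  for f in "$1"/*; do
    if [ -f "$f" ] && [ "$(shebang_shell "$f" "$2")" = bash ]; then
      n=$((n + 1))
    fi
  done
  echo "$n"
}

# Constructed sample tree: four scripts with different interpreters.
make_sample_tree() {
  d=$(mktemp -d)
  printf '#!/bin/bash\necho a\n'         > "$d/a.sh"
  printf '#!/usr/bin/env bash\necho b\n' > "$d/b.sh"
  printf '#!/bin/sh -e\necho c\n'        > "$d/c.sh"
  printf '#!/usr/bin/python\nprint 1\n'  > "$d/d.py"
  echo "$d"
}

# Stand-alone use: scan the given directories against the real /bin/sh.
if [ $# -gt 0 ]; then
  for dir in "$@"; do
    echo "$dir: $(count_bash_scripts "$dir" "$(sh_target)") script(s) run by bash"
  done
fi
```

Run it as `sh audit.sh /bin /sbin /usr/bin /usr/sbin` to get a per-directory count on a real system.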
