dhclient-script shell

Forest Bond forest at forestbond.com
Sat Sep 27 15:59:20 UTC 2014


Howdie,

In light of the recent bash vulnerability, perhaps it would make sense to
evaluate whether /sbin/dhclient-script really requires bash or if it can perhaps
be made POSIX compatible instead?

$ head -n1 /sbin/dhclient-script 
#!/bin/bash

My own opinion is that as long as bash supports function definitions in
environment variables, it is not sane for use in security-sensitive contexts.
That Debian/Ubuntu use dash as /bin/sh makes them quite a bit better off than
some other distros, but we should probably be looking to evaluate where bash is
invoked via shebang lines and take action to limit exposure that way.

Thanks,
Forest
-- 
Forest Bond
http://www.forestbond.com/
http://www.rapidrollout.com/
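
The audit suggested in the message above (finding where bash is invoked via shebang lines), sketched as an added example that is not part of the original message. The function names interp_of and bash_scripts are this example's own, and the directories to scan are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original message): find executables whose
# "#!" line runs bash. Written for POSIX sh so the audit needs no bash.
# Function names are this example's own; paths with newlines are not handled.

# interp_of FILE: print the interpreter's basename taken from FILE's first
# line, looking through "#!/usr/bin/env NAME". Prints nothing without a "#!".
interp_of() {
    # First line only; NUL bytes are dropped so binaries do not trip the shell.
    line=$(LC_ALL=C sed 1q "$1" 2>/dev/null | LC_ALL=C tr -d '\000')
    case $line in
        '#!'*) ;;
        *) return 0 ;;
    esac
    set -f                      # no globbing while word-splitting the line
    set -- ${line#'#!'}
    set +f
    prog=${1##*/}
    if [ "$prog" = env ]; then
        shift
        # Skip env flags (-i, -S) and VAR=value words; flags that take a
        # separate argument (-u NAME) are not handled here.
        while [ $# -gt 0 ]; do
            case $1 in
                -*|*=*) shift ;;
                *) break ;;
            esac
        done
        prog=${1##*/}
    fi
    printf '%s\n' "$prog"
}

# bash_scripts DIR...: list owner-executable regular files under each DIR
# whose interpreter resolves to bash.
bash_scripts() {
    find "$@" -type f -perm -100 2>/dev/null | while IFS= read -r f; do
        if [ "$(interp_of "$f")" = bash ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Run as: sh thisfile /sbin /usr/sbin   (does nothing when given no arguments)
if [ $# -gt 0 ]; then
    bash_scripts "$@"
fi
```
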


More information about the ubuntu-devel mailing list