[OpenIndiana-discuss] Bash bug issue
Brandon Hume
hume-ml+oi_discuss at bofh.ca
Thu Oct 2 14:00:27 UTC 2014
On 26/09/2014 8:47 PM, Gary Gendel wrote:
> The current maintainer says it's been in bash for ~20 years; why it's
> not in Solaris 10 is a mystery.
It is in Solaris 10. (And 11.) The test being used is flawed:
env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
This just tests whether or not /bin/sh is vulnerable, and on Solaris
/bin/sh != /bin/bash (unless your admin is insane and dropped it in
place, which can't really be ruled out). On many (most? all?) Linuxes,
/bin/sh *is* /bin/bash.
So Solaris and derivatives have the bug, but the attack surface isn't
anywhere near as massive as on a Linux distribution. But if someone has
written scripts explicitly using /bin/bash, or if you have sudo
configurations that don't clean out the environment, you can get bitten.
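An added example, not part of the original post: a small POSIX sh script that applies the same environment-import test to each shell binary by name (so /bin/bash is probed even where /bin/sh is something else) and separately checks whether a given /bin/sh is really bash, since bash sets BASH_VERSION even when invoked as sh. The list of shell paths is an assumption about typical Solaris/illumos and Linux layouts; adjust it for the host being checked.

```shell
#!/bin/sh
# Added example (not from the original post): probe specific shells for the
# Shellshock function-import bug instead of trusting a /bin/sh-only test.

# Constructed test variable: a function definition followed by a trailing
# command. A vulnerable bash executes "echo busted" while importing X.
PAYLOAD='() { :;} ; echo busted'

# classify_output OUTPUT -> "vulnerable" if the trailing command ran, else "ok"
classify_output() {
    case "$1" in
        *busted*) echo vulnerable ;;
        *)        echo ok ;;
    esac
}

# probe_shell PATH -> "missing" | "vulnerable" | "ok"
# Runs the same env test as in the post, but against the shell named here.
probe_shell() {
    sh="$1"
    [ -x "$sh" ] || { echo missing; return 0; }
    out=$(env X="$PAYLOAD" "$sh" -c 'echo completed' 2>/dev/null)
    classify_output "$out"
}

# is_bash PATH -> "yes" if the binary is really bash, whatever its name.
# bash sets BASH_VERSION even when invoked as sh, so this catches a /bin/sh
# that has been replaced by or linked to bash.
is_bash() {
    sh="$1"
    [ -x "$sh" ] || { echo no; return 0; }
    v=$("$sh" -c 'echo "${BASH_VERSION:-}"' 2>/dev/null)
    [ -n "$v" ] && echo yes || echo no
}

# Check every shell a script or sudo rule might actually invoke, not just
# /bin/sh. Paths are assumed typical locations; edit the list for your host.
report() {
    for sh in /bin/sh /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        printf '%-20s bash=%-3s %s\n' "$sh" "$(is_bash "$sh")" "$(probe_shell "$sh")"
    done
}

report
```

A line reading `/bin/sh bash=yes vulnerable` means the /bin/sh-only test would have been meaningful on that host; `/bin/sh bash=no ok` alongside `/bin/bash bash=yes vulnerable` is the Solaris situation the post describes, where the bug is present but only reachable through scripts or sudo rules that explicitly run bash with an uncleaned environment.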