[dns-operations] ShellShock exploit through the DNS

Jim Reid jim at rfc1035.com
Tue Oct 14 17:53:14 UTC 2014


On 14 Oct 2014, at 12:46, P Vixie <paul at redbarn.org> wrote:

>> As "/bin/sh" is almost always a symlink to "/bin/bash", and many O/S 
>> scripts assume this to be the case (i.e. use bash specific features, 
>> without declaring "#!/bin/bash"), so simply making "/bin/sh" a link to 
>> (say) "/bin/ash" is probably not an option.
> 
> Apple and Red Hat erred in using bash to implement the /bin/sh interface. They should switch to ash like BSD or to the dash derivative of ash like Debian.

??
wallace% uname -a
Darwin wallace.rfc1035.com 13.4.0 Darwin Kernel Version 13.4.0: Sun Aug 17 19:50:11 PDT 2014; root:xnu-2422.115.4~1/RELEASE_X86_64 x86_64
wallace% ls -lsi /bin/*sh
11551653    1 -r-xr-xr-x  1 root  wheel  1228336  1 Oct 09:04 /bin/bash
 9655244    1 -rwxr-xr-x  2 root  wheel   357984 20 May 22:50 /bin/csh
 9611979    1 -r-xr-xr-x  1 root  wheel  1315248 20 May 22:49 /bin/ksh
11551654    1 -r-xr-xr-x  1 root  wheel  1228416  1 Oct 09:04 /bin/sh
 9655244    1 -rwxr-xr-x  2 root  wheel   357984 20 May 22:50 /bin/tcsh
 9655904    1 -rwxr-xr-x  1 root  wheel   530320 20 May 22:50 /bin/zsh
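
Added example, not part of the original message: in the listing above, /bin/sh and /bin/bash have different inode numbers and a link count of 1, so /bin/sh is neither a symlink nor a hard link to bash. The sketch below classifies an sh path along those lines and, for a separate file, asks the binary whether it is bash; the function name `classify_sh` and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example: report what actually implements an "sh" path.
# classify_sh and its output labels are hypothetical names for this sketch.
classify_sh() {
    cs_sh=${1:-/bin/sh}
    cs_bash=${2:-/bin/bash}

    # Case 1: a symlink; report where it points.
    if [ -L "$cs_sh" ]; then
        echo "symlink:$(readlink "$cs_sh")"
        return 0
    fi
    if [ ! -e "$cs_sh" ]; then
        echo "missing"
        return 0
    fi
    # Case 2: a hard link, i.e. the same inode as bash.
    if [ -e "$cs_bash" ] && [ "$cs_sh" -ef "$cs_bash" ]; then
        echo "hardlink-to-bash"
        return 0
    fi
    # Case 3: a separate file (different inode, as in the listing above).
    # Only bash sets BASH_VERSION, even when it is started under the name sh.
    if [ -x "$cs_sh" ] && [ ! -d "$cs_sh" ]; then
        cs_ver=$("$cs_sh" -c 'printf %s "${BASH_VERSION:-}"' 2>/dev/null || true)
        if [ -n "$cs_ver" ]; then
            echo "separate-bash:$cs_ver"
            return 0
        fi
    fi
    echo "separate-other"
}

# Classify this host's /bin/sh against its /bin/bash.
classify_sh /bin/sh /bin/bash
```

A `separate-bash:` result means the host's /bin/sh is a bash build even though no link to /bin/bash exists, so it needs the same bash patches.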




