[dns-operations] ShellShock exploit through the DNS

Mike Hoskins (michoski) michoski at cisco.com
Tue Oct 14 18:02:17 UTC 2014


-----Original Message-----
From: Jim Reid <jim at rfc1035.com>
Date: Tuesday, October 14, 2014 at 1:53 PM
To: Paul Vixie <paul at redbarn.org>
Cc: "dns-operations at dns-oarc.net" <dns-operations at dns-oarc.net>
Subject: Re: [dns-operations] ShellShock exploit through the DNS

>On 14 Oct 2014, at 12:46, P Vixie <paul at redbarn.org> wrote:
>
>>> As "/bin/sh" is almost always a symlink to "/bin/bash", and many O/S
>>> scripts assume this to be the case (i.e. use bash specific features,
>>> without declaring "#!/bin/bash"), so simply making "/bin/sh" a link to
>>> (say) "/bin/ash" is probably not an option.
>> 
>> Apple and redhat err'd in using bash to implement the /bin/sh
>>interface. They should switch to ash like BSD or to the dash derivative
>>of ash like Debian.
>
>??
>wallace% uname -a
>Darwin wallace.rfc1035.com 13.4.0 Darwin Kernel Version 13.4.0: Sun Aug
>17 19:50:11 PDT 2014; root:xnu-2422.115.4~1/RELEASE_X86_64 x86_64
>wallace% ls -lsi /bin/*sh
>11551653    1 -r-xr-xr-x  1 root  wheel  1228336  1 Oct 09:04 /bin/bash
> 9655244    1 -rwxr-xr-x  2 root  wheel   357984 20 May 22:50 /bin/csh
> 9611979    1 -r-xr-xr-x  1 root  wheel  1315248 20 May 22:49 /bin/ksh
>11551654    1 -r-xr-xr-x  1 root  wheel  1228416  1 Oct 09:04 /bin/sh
> 9655244    1 -rwxr-xr-x  2 root  wheel   357984 20 May 22:50 /bin/tcsh
> 9655904    1 -rwxr-xr-x  1 root  wheel   530320 20 May 22:50 /bin/zsh

# uname -a
Darwin etwork-mac 13.4.0 Darwin Kernel Version 13.4.0: Sun Aug 17 19:50:11
PDT 2014; root:xnu-2422.115.4~1/RELEASE_X86_64 x86_64


# /bin/sh --version
GNU bash, ...





More information about the dns-operations mailing list