[dns-operations] ShellShock exploit through the DNS
Phil Regnauld
regnauld at nsrc.org
Tue Oct 14 18:28:30 UTC 2014
Jim Reid (jim) writes:
> >
> > Apple and redhat err'd in using bash to implement the /bin/sh interface. They should switch to ash like BSD or to the dash derivative of ash like Debian.
>
> ??
> wallace% uname -a
> Darwin wallace.rfc1035.com 13.4.0 Darwin Kernel Version 13.4.0: Sun Aug 17 19:50:11 PDT 2014; root:xnu-2422.115.4~1/RELEASE_X86_64 x86_64
> wallace% ls -lsi /bin/*sh
> 11551653 1 -r-xr-xr-x 1 root wheel 1228336 1 Oct 09:04 /bin/bash
> 11551654 1 -r-xr-xr-x 1 root wheel 1228416 1 Oct 09:04 /bin/sh
zsh$ cp /bin/sh /tmp/bash
zsh$ /tmp/bash
bash-3.2$
More information about the dns-operations
mailing list