
Re: bash bug threat



Hi everyone,

I don't intend to play down the issue, but...

The bash environment variable bug has, to the best of my knowledge and after reading the reports and experimenting, NO practical relevance to Knoppix or any other end user Linux distribution, even when running apache or sshd.

Your computer will not be hacked. Your files will not get stolen. Nobody can start a shell on your computer remotely unless you start a server and allow login by publishing access data by yourself, which is unrelated to the bug.

If you find a way to really use the shell variable parsing bug for a real exploit without the logged in user helping the attacker, please send a working proof.

Nevertheless, because of other pending updates of firefox/chromium and apt-get, I'm going to issue an update soon (7.4.2), also with a newer kernel where the - already patched in all issued Knoppix versions - file system corruption bug is now officially fixed (https://bugzilla.kernel.org/show_bug.cgi?id=83121). I wonder why that problem was not hyped in the news in a similar way as the bash variable bug is now, since it really had the potential of losing data in normal operation.

Regards
-Klaus

On 26. September 2014 06:27:57 MESZ, Harshad Joshi <firewalrus@gmail.com> wrote:
> Replace bash by zsh/CSH for the time being.
> 
> --sent from mobile--
> हर्षद जोशी
> On 26-Sep-2014 9:05 AM, "Jim Pritchett" <jpritchett1@charter.net>
> wrote:
> 
> >  Hello,
> >
> >           I'm out of my league on this one.  Is there a defense for this
> > beyond unplugging the internet?
> >
> > Jim
> >
> >

