On Thu, Sep 25, 2014 at 10:54:38AM -0300, Henrique de Moraes Holschuh wrote:
I suggest that everyone do a spring cleanup of the login shells for system accounts, and deploy mitigation.
In general it's a good idea to have /bin/sh point to something other than bash. That's the default on current Debian systems, but might not be the case on systems which were upgraded. Use
dpkg-reconfigure dash to change that. There are still cases where the login shell will come into play, but the biggest worms crawling around are leveraging /bin/sh.
Note that if you've been running /bin/sh as bash, you may find local scripts which depend on bashisms--you'll want to test this, and it may not be the best thing to do in a panic right now. But definitely consider it for the long term.
Mike Stone
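An audit script for the cleanup both posters describe, added here as an example and not part of the original thread: it lists accounts whose login shell is bash, narrows that to system accounts (UID below 1000), and reports what /bin/sh actually resolves to. The passwd entries it runs on are constructed sample data; pass a real passwd file as the first argument to audit a host.

```shell
# Added example (not from the original mail): audit login shells and /bin/sh.
# The passwd data below is constructed; pass a real file as $1 instead.

# Print "user:uid:shell" for each account whose login shell's basename is bash.
bash_login_shells() {
    awk -F: '{
        n = split($7, part, "/")
        if (part[n] == "bash") print $1 ":" $3 ":" $7
    }' "$1"
}

# Restrict the above to system accounts (UID below 1000); these run daemons
# and cron jobs and rarely need an interactive shell at all.
system_accounts_with_bash() {
    bash_login_shells "$1" | awk -F: '$2 < 1000'
}

# Report the binary behind /bin/sh (dash on default Debian installs, often
# bash on upgraded systems), or "unknown" where readlink -f is unavailable.
sh_target() {
    readlink -f "${1:-/bin/sh}" 2>/dev/null || echo unknown
}

# Constructed sample passwd entries (not from a real system).
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
postgres:x:105:110::/var/lib/postgresql:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
EOF

echo "/bin/sh -> $(sh_target)"
echo "system accounts with bash as login shell:"
system_accounts_with_bash "${1:-$SAMPLE_PASSWD}"
```

Any account the last command prints is a candidate for a non-interactive shell such as /usr/sbin/nologin, or for dash where a shell is genuinely needed; scripts run by those accounts still need the bashism check the reply mentions before /bin/sh is switched.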