[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3032-1] bash security update

On Thu, Sep 25, 2014 at 10:54:38AM -0300, Henrique de Moraes Holschuh wrote:
I suggest everyone to do a spring cleanup in the login shells for system
accounts, and to deploy mitigation.

In general it's a good idea to have /bin/sh point to something other than bash. That's the default on current debian systems, but might not be the case on systems which were upgraded. Use
  dpkg-reconfigure dash
to change that. There are still cases where the login shell will come into play, but the biggest worms crawling around are leveraging /bin/sh.

Note that if you've been running /bin/sh as bash, you may find local scripts which depend on bashisms--you'll want to test this, and it may not be the best thing to do in a panic right now. But definitely consider it for the long term.

Mike Stone

Reply to: