Re: [SECURITY] [DSA 3032-1] bash security update
On Thu, Sep 25, 2014 at 10:54:38AM -0300, Henrique de Moraes Holschuh wrote:
> I suggest everyone to do a spring cleanup in the login shells for system
> accounts, and to deploy mitigation.
In general it's a good idea to have /bin/sh point to something other
than bash. That's the default on current Debian systems, but might not
be the case on systems which were upgraded. Use
to change that. There are still cases where the login shell will come
into play, but the biggest worms crawling around are leveraging /bin/sh.
Note that if you've been running /bin/sh as bash, you may find local
scripts which depend on bashisms--you'll want to test this, and it may
not be the best thing to do in a panic right now. But definitely
consider it for the long term.
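
The two checks discussed in this thread (what /bin/sh really resolves to, and which system accounts still have bash as their login shell), as an added example that is not part of the original message. The function names, the UID cutoff of 1000 for regular users and the sample passwd entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit /bin/sh and system-account login shells.

# Print the basename of the real binary behind a path (follows symlinks).
sh_target() {
    basename "$(readlink -f "$1")"
}

# Print "user:uid:shell" for accounts with UID below the cutoff whose
# login shell is bash.
# $1 = passwd-format file, $2 = first regular-user UID (assumed 1000)
bash_system_accounts() {
    awk -F: -v max="${2:-1000}" '
        $3 ~ /^[0-9]+$/ && $3 < max && $7 ~ /(^|\/)bash$/ {
            print $1 ":" $3 ":" $7
        }
    ' "$1"
}

# Constructed sample input, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

# Report on the live system (or on a passwd-format file given as $1).
report() {
    echo "/bin/sh resolves to: $(sh_target /bin/sh)"
    echo "system accounts with bash as login shell:"
    bash_system_accounts "${1:-/etc/passwd}"
}

# Run the report only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--report" ]; then
    report "${2:-/etc/passwd}"
fi
```

Each account listed is one to review; an account that never needs an interactive login is a candidate for a non-bash or nologin shell.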