[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3032-1] bash security update



On Thursday, 2014-09-25 at 10:13:31 -0400, Michael Stone wrote:
> On Thu, Sep 25, 2014 at 10:54:38AM -0300, Henrique de Moraes Holschuh wrote:

> In general it's a good idea to have /bin/sh point to something other
> than bash. That's the default on current debian systems, but might
> not be the case on systems which were upgraded. Use
>   dpkg-reconfigure dash
> to change that. There are still cases where the login shell will
> come into play, but the biggest worms crawling around are leveraging
> /bin/sh.

I'd first check with ls -l /bin/sh. This is how it should look:
lrwxrwxrwx 1 root root 4 Mar  1  2012 /bin/sh -> dash

BTW, I wonder why this isn't done with the alternatives system. My guess
is that /bin/sh is so crucial for system operation and especially
update-alternatives that it can't.

Lupe Christoph
-- 
| The politician's syllogism:                                            |
|     We must do something                                               |
|     This is something                                                  |
|     Therefore, we must do this.                                        |


Reply to: