Re: [SECURITY] [DSA 3032-1] bash security update
On Thursday, 2014-09-25 at 10:13:31 -0400, Michael Stone wrote:
> On Thu, Sep 25, 2014 at 10:54:38AM -0300, Henrique de Moraes Holschuh wrote:
> In general it's a good idea to have /bin/sh point to something other
> than bash. That's the default on current debian systems, but might
> not be the case on systems which were upgraded. Use
> dpkg-reconfigure dash
> to change that. There are still cases where the login shell will
> come into play, but the biggest worms crawling around are leveraging
> /bin/sh.
I'd first check with ls -l /bin/sh. This is how it should look:
lrwxrwxrwx 1 root root 4 Mar 1 2012 /bin/sh -> dash
BTW, I wonder why this isn't done with the alternatives system. My guess
is that /bin/sh is so crucial for system operation and especially
update-alternatives that it can't.
Lupe Christoph
--
| The politician's syllogism: |
| We must do something |
| This is something |
| Therefore, we must do this. |
Reply to: