[arch-general] A good time to switch to dash as /bin/sh?

lolilolicon lolilolicon at gmail.com
Fri Sep 26 10:15:58 EDT 2014

On Fri, Sep 26, 2014 at 9:50 PM, Doug Newgard <scimmia at archlinux.info> wrote:
>> The problem is on many systems /bin/sh is linked to bash -- which is why
>> this bug is so widespread / severe. /bin/sh is "the single biggest
>> UNIX loophole", so let's make it a bit smaller by switching it to
>> something minimal, such as dash.
> Why? Why is that the problem? What attack vector is available because of
> this? Give me specifics, not theoretical, non-existent examples.

Because the vulnerable systems do not call bash by name, they call
/bin/sh. And they are vulnerable only because /bin/sh is linked to bash.

Specifically, only on systems where /bin/sh is bash, any ENV whose value
starts with '() {' gets turned into a function by the shell.
(It's being patched up, but this whole affair is telling...)

This is pretty real, unless what you want is some vivid horror story.
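
An added example, not part of the original post: a small POSIX sh audit for the condition described above, reporting which shell /bin/sh resolves to and which environment variables carry a value starting with '() {'. The function names and the sample data are constructed for illustration, and `readlink -f` is assumed to be available (GNU coreutils).

```shell
#!/bin/sh
# Added example (not from the original post). All names here are illustrative.

# Print the basename of what a path such as /bin/sh really runs, e.g. "bash"
# or "dash". Assumes readlink -f is available.
sh_target() {
    target=$(readlink -f "$1" 2>/dev/null) || return 1
    basename "$target"
}

# Read NAME=value lines on stdin; print each NAME whose value starts with '() {'.
# Lines without '=' (continuations of multi-line values) are skipped.
flag_funcdef_values() {
    while IFS= read -r line; do
        case $line in
            *=*) ;;
            *) continue ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        case $value in
            '() {'*) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample input: only DEMO_FUNC has a value that starts with '() {'.
sample_env() {
    cat <<'EOF'
HOME=/home/demo
DEMO_FUNC=() { :; }
DEMO_TEXT=mentions () { later in the value
  () { continuation line of a multi-line value
EOF
}

# Report on the live system. A hit is something to review, not a verdict.
report() {
    shname=$(sh_target "${1:-/bin/sh}") || shname=unknown
    hits=$(env | flag_funcdef_values)
    printf '%s resolves to: %s\n' "${1:-/bin/sh}" "$shname"
    if [ -n "$hits" ]; then
        printf 'environment values starting with "() {":\n%s\n' "$hits"
    else
        printf 'no environment values start with "() {"\n'
    fi
}

report /bin/sh
```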
