[arch-general] A good time to switch to dash as /bin/sh?

Guus Snijders gsnijders at gmail.com
Fri Sep 26 18:23:59 UTC 2014


On 26 Sep 2014 16:34, "Doug Newgard" <scimmia at archlinux.info> wrote:
[...]
>
> Instead of theorizing that "many" will do this, give a real world example
> of where this happens and would have reduced the attack surface of the bug
> in question.

One of the very few examples that sound reasonable, is dhclient.
Apparently, that can be readily used for this bug to be exploited. Sounds
like more of a problem with dhclient, though.

I agree that there's a lot of FUD out there about this bug; once found (or
perhaps: CVE assigned), the patches came quickly, so that actually looks
quite good for bash!

Switching /bin/sh to dash has been discussed before and we can spend a lot
of e-mails on that, but as usual it's up to devs to implement it as such,
or not.

Just my €0,02

Kind regards, Guus

