On Thu, Sep 25, 2014 at 10:54:38AM -0300, Henrique de Moraes Holschuh wrote:
> I suggest everyone to do a spring cleanup in the login shells for system
> accounts, and to deploy mitigation.

In general it's a good idea to have /bin/sh point to something other
than bash. That's the default on current Debian systems, but might not
be the case on systems which were upgraded. Use

    dpkg-reconfigure dash

to change that. There are still cases where the login shell will come
into play, but the biggest worms crawling around are leveraging /bin/sh.

Note that if you've been running /bin/sh as bash, you may find local
scripts which depend on bashisms--you'll want to test this, and it may
not be the best thing to do in a panic right now. But definitely
consider it for the long term.

Mike Stone
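
An added example, not part of the original messages: a small audit for the two checks discussed in this thread, namely what /bin/sh resolves to and which system accounts still have bash as their login shell. The function names, the UID range 1..999 for "system accounts" (root is left out) and the passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit /bin/sh and system-account login shells.
# Assumption: system accounts are UIDs 1..999 (regular users on Debian
# start at 1000); root (UID 0) is left to the administrator's judgment.
UID_MAX_SYSTEM=999

# Print "name uid shell" for system accounts whose login shell is bash.
# $1: passwd-format file, or "-" for stdin (default: /etc/passwd)
system_accounts_with_bash() {
    awk -F: -v max="$UID_MAX_SYSTEM" '
        $3 >= 1 && $3 <= max && $7 ~ /(^|\/)bash$/ { print $1, $3, $7 }
    ' "${1:-/etc/passwd}"
}

# Print the name of the binary a path finally resolves to, following
# symlinks, e.g. "dash" or "bash".
# $1: path to check (default: /bin/sh)
sh_target() {
    basename "$(readlink -f "${1:-/bin/sh}")"
}

# Constructed sample data, not taken from any real host.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

echo "/bin/sh resolves to: $(sh_target /bin/sh)"
echo "system accounts with a bash login shell (constructed sample):"
sample_passwd | system_accounts_with_bash -
```

Call system_accounts_with_bash with no argument to read the real /etc/passwd. Accounts it lists are candidates for the login-shell cleanup; whether each one actually needs an interactive shell still has to be checked by hand.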