Firstly, that test is for CVE-2014-6271. People should also be aware of CVE-2014-7169, which circumvents the first attempt at a fix. I found this explanation of how it works helpful: http://serverfault.com/a/631379/134053
Secondly, don't assume that Debian's default symlink of /bin/sh to /bin/dash means you are not vulnerable to holes in bash. There are a lot of scripts and system calls around which explicitly invoke `bash` rather than `sh`. Also, if a user uses /bin/bash as their shell, then this bug gives a way to circumvent command restrictions on a given ssh key, as configured in ~/.ssh/authorised_keys.

With FreeBSD systems, most would have bash installed, but like Debian, /bin/sh is not bash. I'm not surprised that Macs have bash installed, but is /bin/sh equal to bash, or is it something else?

Andrew McNaughton

On 26/09/14 12:25, Peter Ross wrote:
> From: "Joh Lindley" <[email protected]>
>>> Is Apple's sh a bash? I thought they are using FreeBSD's userland
>>> (FreeBSD's sh is not affected [at least the tests are negative and there
>>> is no SA])
>> It would appear so.
>> sh-3.2$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>> vulnerable
>> this is a test
> You are calling the bash [not /bin/sh] here.
>
> It shows that you have a bash installed.
>
> Regards
> Peter
>
> _______________________________________________
> luv-main mailing list
> [email protected]
> http://lists.luv.asn.au/listinfo/luv-main
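Added example, not part of the original message: shell functions that inventory where bash is reached on a host even when /bin/sh is dash or FreeBSD sh, covering the points above (what /bin/sh really is, scripts that name bash in their shebang, accounts whose login shell is bash). The function names and the --report option are hypothetical, and the default directory /usr/local/bin is an assumption.

```shell
#!/bin/sh
# Added example: find where bash is reached even when /bin/sh is not bash.

# True if the given shell binary (default /bin/sh) is really bash.
# bash sets BASH_VERSION even when invoked as "sh"; dash and FreeBSD sh do not.
sh_is_bash() {
    [ -n "$("${1:-/bin/sh}" -c 'printf %s "$BASH_VERSION"' 2>/dev/null)" ]
}

# Print the interpreter basename from a file's shebang line (empty if none).
# Handles "#!/bin/bash", "#! /bin/bash -e" and "#!/usr/bin/env bash".
shebang_interpreter() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case $first in '#!'*) ;; *) return 0 ;; esac
    set -f; set -- ${first#'#!'}; set +f   # word-split without globbing
    interp=${1##*/}
    if [ "$interp" = env ]; then
        shift
        while [ $# -gt 0 ]; do             # skip env options and VAR=value
            case $1 in -*|*=*) shift ;; *) break ;; esac
        done
        interp=${1##*/}
    fi
    printf '%s\n' "$interp"
}

# List executable files under a directory whose shebang invokes bash.
list_bash_scripts() {
    find "$1" -type f -perm -u+x 2>/dev/null | sort | while IFS= read -r f; do
        if [ "$(shebang_interpreter "$f")" = bash ]; then printf '%s\n' "$f"; fi
    done
}

# List accounts in a passwd-format file whose login shell is bash; sshd runs
# forced commands for these accounts through that shell.
bash_login_users() {
    awk -F: '$7 ~ /(^|\/)bash$/ { print $1 }' "${1:-/etc/passwd}"
}

# Hypothetical --report mode: print all three findings for this host.
if [ "${1:-}" = --report ]; then
    if sh_is_bash; then echo "/bin/sh is bash"; else echo "/bin/sh is not bash"; fi
    list_bash_scripts "${2:-/usr/local/bin}"
    bash_login_users
fi
```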
