
Author Topic: Shellshock Bug  (Read 1973 times)

Offline elrick

  • Newbie
  • *
  • Posts: 13
Shellshock Bug
« on: September 26, 2014, 03:18:36 AM »
Hi guys, can any version of Tiny Core be affected by this bug? http://www.bbc.co.uk/news/technology-29361794

Offline hiro

  • Hero Member
  • *****
  • Posts: 1217
Re: Shellshock Bug
« Reply #1 on: September 26, 2014, 03:27:00 AM »
I think only if you manually load bash and let /bin/sh point to bash. Something similar could happen if some script you use that processes user-defined environments wants #!/bin/bash as its shell...

I tested our busybox ash that we point to in /bin/sh and it doesn't seem to be affected.
Also see http://forum.tinycorelinux.net/index.php/topic,17535.0.html

Offline halma

  • Full Member
  • ***
  • Posts: 164
Re: Shellshock Bug
« Reply #2 on: September 26, 2014, 08:26:56 AM »
hi,

you can test if you are vulnerable with the following command:
Code:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
if it prints
Quote
vulnerable
this is a test
then you are still vulnerable, update your bash version

take a look here http://forum.tinycorelinux.net/index.php/topic,17535.msg105163.html#msg105163

Halma
1 + 2 = 6  cause  10 - 6 = 78 ;-) lol
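
The checks from the two replies above combined into one script, as an added example that is not part of any post in this thread: it probes a shell with the same test command and lists scripts that carry a bash shebang, the case hiro mentions. The function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the thread; function names are this example's own.

# Probe one shell with the command from the post above.
# Returns 0 = vulnerable, 1 = not affected, 2 = shell not found.
shellshock_check() {
    sc_path=$(command -v "$1" 2>/dev/null) || return 2
    [ -x "$sc_path" ] || return 2
    # stderr is dropped: patched bash may warn about the odd variable.
    sc_out=$(env x='() { :;}; echo vulnerable' "$sc_path" -c 'echo this is a test' 2>/dev/null) || :
    case $sc_out in
        vulnerable*) return 0 ;;
        *)           return 1 ;;
    esac
}

# List files under directory $1 whose first line is a bash shebang.
# These run bash even when /bin/sh is busybox ash.
bash_scripts() {
    find "$1" -type f 2>/dev/null | while IFS= read -r bs_file; do
        [ -r "$bs_file" ] || continue
        IFS= read -r bs_first < "$bs_file" || :
        case $bs_first in
            '#!'*bash*) printf '%s\n' "$bs_file" ;;
        esac
    done
}

# Summary for this host: /bin/sh target, then /bin/sh and bash results.
report() {
    printf '/bin/sh -> %s\n' "$(readlink -f /bin/sh 2>/dev/null || echo unknown)"
    for rp_shell in /bin/sh bash; do
        if shellshock_check "$rp_shell"; then
            rp_result=VULNERABLE
        else
            case $? in
                1) rp_result='not affected' ;;
                *) rp_result='not installed' ;;
            esac
        fi
        printf '%-8s %s\n' "$rp_shell" "$rp_result"
    done
}

report
```

Run `bash_scripts` on the directories that hold your own scripts to see which of them would still start bash after /bin/sh has been confirmed to be busybox ash.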

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: Shellshock Bug
« Reply #3 on: September 26, 2014, 12:33:10 PM »
On a sidenote:

Quote
I tested our busybox ash that we point to in /bin/sh and it doesn't seem to be affected.

The same holds true for the infamous fork bomb vulnerability (documented by Jaromil), which has been known for many years.
With bash it could be difficult to distinguish between bugs vs. features :P
« Last Edit: September 26, 2014, 12:35:46 PM by tinypoodle »
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)