Tiny Core Linux

Tiny Core Extensions => TCE Talk => Topic started by: elrick on September 26, 2014, 06:18:36 AM

Title: Shellshock Bug
Post by: elrick on September 26, 2014, 06:18:36 AM

Hi guys does it any version on Tiny Core can be affected with this bug? http://www.bbc.co.uk/news/technology-29361794

Title: Re: Shellshock Bug
Post by: hiro on September 26, 2014, 06:27:00 AM

I think only if you manually load bash and let /bin/sh point to bash, something similar could happen if some scripts you use that processes user-defined environments wants #!/bin/bash as shell...

I tested our busybox ash that we point to in /bin/sh and it doesn't seem to be affected.
Also see http://forum.tinycorelinux.net/index.php/topic,17535.0.html

Title: Re: Shellshock Bug
Post by: halma on September 26, 2014, 11:26:56 AM

hi,

you can test if you are vunerable with the follow command:

Code: [Select]

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"if it prints

Quote

vulnerable
this is a test

then you are still vunerable, update your bash version

take a look here http://forum.tinycorelinux.net/index.php/topic,17535.msg105163.html#msg105163 (http://forum.tinycorelinux.net/index.php/topic,17535.msg105163.html#msg105163)

Halma

Title: Re: Shellshock Bug
Post by: tinypoodle on September 26, 2014, 03:33:10 PM

On a sidenote:

Quote from: hiro on September 26, 2014, 06:27:00 AM

I tested our busybox ash that we point to in /bin/sh and it doesn't seem to be affected.

Same holds true with the infamous fork bomb vulnerability (documented by Jaromil) which is known since many years.
With bash it could be difficult to distinguish between bugs vs. features :P