update
Once upon a time, Daniel Jackson <fdj at mindspring.com> said:
> On 09/24/2014 07:22 PM, Jim Popovitch wrote:
> >That won't automatically invoke bash on Debian/Ubuntu....unless someone
> >intentionally changed default shells....
>
> People seem not to know that Debian and derivatives use a variant
> Almquist shell rather than bash for system accounts.

It doesn't have much to do with default shells or system account
settings; it has everything to do with what is /bin/sh. I think /bin/sh
has been dash (derived from NetBSD's Almquist shell) on Debian-derived
systems for a while now. Other major Linux distributions, e.g.
RHEL/Fedora family and IIRC SuSE, use bash as /bin/sh though, so should
be patched ASAP (especially if they are web servers).

Has anybody looked to see if the popular web software the users install
and don't maintain (e.g. Wordpress, phpBB, Joomla, Drupal) use system()
or the like to call out to external programs? What about service
provider type stuff like RT? I know Nagios calls out to shell scripts
for notifications and such, and passes some things in environment
variables (don't know if it can be tricked in this fashion though).
--
Chris Adams <cma at cmadams.net>
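
Added example, not part of the original message: a POSIX shell check for the point made above, that exposure depends on what /bin/sh resolves to rather than on any account's login shell. The function names `sh_flavor` and `sh_is_bash` are hypothetical, and `readlink -f` is assumed to be available (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: report which shell implementation a given "sh" path resolves to.
# system(3) and popen(3) run their command through "/bin/sh -c", so this path,
# not the login shell in /etc/passwd, decides whether bash parses the environment.

# sh_flavor [path]  -> prints bash | dash | busybox | other:<realpath> | missing
sh_flavor() {
    target=${1:-/bin/sh}
    [ -e "$target" ] || { echo "missing"; return 2; }
    # Follow the whole symlink chain (e.g. /bin/sh -> /etc/alternatives/sh -> dash).
    real=$(readlink -f -- "$target") || { echo "unresolved"; return 2; }
    case $(basename -- "$real") in
        bash*)    echo "bash" ;;
        dash*)    echo "dash" ;;
        busybox*) echo "busybox" ;;
        *)
            # The binary may be a copy or hard link of bash installed as "sh";
            # the file name says nothing then, so ask the shell itself.
            if [ -x "$real" ] &&
               [ -n "$("$real" -c 'printf %s "${BASH_VERSION:-}"' 2>/dev/null)" ]; then
                echo "bash"
            else
                echo "other:$real"
            fi ;;
    esac
}

# sh_is_bash [path] -> exit status 0 when the path resolves to bash.
sh_is_bash() {
    [ "$(sh_flavor "${1:-/bin/sh}")" = "bash" ]
}

# Report for the local system.
printf '/bin/sh resolves to: %s\n' "$(sh_flavor /bin/sh)"
```

A result of `bash` means every `system()`-style call on that host goes through bash, so the bash package is the one to patch first; a result of `dash` does not cover scripts that name bash explicitly in their interpreter line.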