dash is still the default /bin/sh, for speed and security, but you can change that to bash if you want: https://wiki.debian.org/DashAsBinSh
Ubuntu also uses dash by default: https://wiki.ubuntu.com/DashAsBinSh .hc Lee Azzarello wrote: > This output is from a Debian stable base system built with debootstrap > and no additional packages installed. > > root@debian:~# ls -l /bin/sh > lrwxrwxrwx 1 root root 4 Jun 17 21:47 /bin/sh -> bash > > I don't think Debian has used Dash since Sarge. > > -lee > > On 9/25/14, 1:36 PM, Dev Random wrote: >> This seems mitigated by the fact that /bin/sh is -> dash on debian. >> So unless something does explicitly #!/bin/bash, things should be >> okay. > >> BTW, there's a related vuln that's not fixed yet - CVE-2014-7169 >> https://news.ycombinator.com/item?id=8365158 > >> On Thu, 2014-09-25 at 08:48 -0400, Lee Azzarello wrote: >>> A remote code execution bug was found in the GNU Bash shell. >>> >>> http://seclists.org/oss-sec/2014/q3/650 >>> >>> I tested it on Debian stable from two days ago and indeed, I >>> could execute code after a function definition in an environment >>> variable. A server I updated yesterday evening was not >>> vulnerable, as the Debian team got a patch released quite fast. >>> >>> This effects any server you run any code on, though the remote >>> code execution attack vector is unlikely for many contemporary >>> application servers. Read the write up for details about a proof >>> of concept. >>> >>> Good Morning! >>> >>> -lee _______________________________________________ Guardian-dev >>> mailing list >>> >>> Post: [email protected] List info: >>> https://lists.mayfirst.org/mailman/listinfo/guardian-dev >>> >>> To Unsubscribe Send email to: >>> [email protected] Or visit: >>> https://lists.mayfirst.org/mailman/options/guardian-dev/c1.android%40niftybox.net >>> >>> >>> > You are subscribed as: [email protected] > > > _______________________________________________ > Guardian-dev mailing list > > Post: [email protected] > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > > To Unsubscribe > Send email to: [email protected] > Or visit: > https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info > > You are subscribed as: [email protected] > -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
