That's for "Lenny users:". See this section: Squeeze users:
* Dash is always installed. * /bin/sh is dash by default (even for upgraded systems). .hc Lee Azzarello wrote: > I'm confused. The article you linked is instructions to install dash and > configure a base system to use it as default. Am I misunderstanding > something? > > -lee > > On Thursday, September 25, 2014, Hans-Christoph Steiner < > [email protected]> wrote: > >> >> dash is still the default /bin/sh, for speed and security, but you can >> change >> that to bash if you want: >> https://wiki.debian.org/DashAsBinSh >> >> Ubuntu also uses dash by default: >> https://wiki.ubuntu.com/DashAsBinSh >> >> .hc >> >> Lee Azzarello wrote: >>> This output is from a Debian stable base system built with debootstrap >>> and no additional packages installed. >>> >>> root@debian:~# ls -l /bin/sh >>> lrwxrwxrwx 1 root root 4 Jun 17 21:47 /bin/sh -> bash >>> >>> I don't think Debian has used Dash since Sarge. >>> >>> -lee >>> >>> On 9/25/14, 1:36 PM, Dev Random wrote: >>>> This seems mitigated by the fact that /bin/sh is -> dash on debian. >>>> So unless something does explicitly #!/bin/bash, things should be >>>> okay. >>> >>>> BTW, there's a related vuln that's not fixed yet - CVE-2014-7169 >>>> https://news.ycombinator.com/item?id=8365158 >>> >>>> On Thu, 2014-09-25 at 08:48 -0400, Lee Azzarello wrote: >>>>> A remote code execution bug was found in the GNU Bash shell. >>>>> >>>>> http://seclists.org/oss-sec/2014/q3/650 >>>>> >>>>> I tested it on Debian stable from two days ago and indeed, I >>>>> could execute code after a function definition in an environment >>>>> variable. A server I updated yesterday evening was not >>>>> vulnerable, as the Debian team got a patch released quite fast. >>>>> >>>>> This effects any server you run any code on, though the remote >>>>> code execution attack vector is unlikely for many contemporary >>>>> application servers. Read the write up for details about a proof >>>>> of concept. >>>>> >>>>> Good Morning! >>>>> >>>>> -lee _______________________________________________ Guardian-dev >>>>> mailing list >>>>> >>>>> Post: [email protected] <javascript:;> List info: >>>>> https://lists.mayfirst.org/mailman/listinfo/guardian-dev >>>>> >>>>> To Unsubscribe Send email to: >>>>> [email protected] <javascript:;> Or visit: >>>>> >> https://lists.mayfirst.org/mailman/options/guardian-dev/c1.android%40niftybox.net >>>>> >>>>> >>>>> >>> You are subscribed as: [email protected] <javascript:;> >>> >>> >>> _______________________________________________ >>> Guardian-dev mailing list >>> >>> Post: [email protected] <javascript:;> >>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >>> >>> To Unsubscribe >>> Send email to: [email protected] >> <javascript:;> >>> Or visit: >> https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info >>> >>> You are subscribed as: [email protected] <javascript:;> >>> >> >> -- >> PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 >> _______________________________________________ >> Guardian-dev mailing list >> >> Post: [email protected] <javascript:;> >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >> >> To Unsubscribe >> Send email to: [email protected] >> <javascript:;> >> Or visit: >> https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info >> >> You are subscribed as: [email protected] <javascript:;> >> > -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
