On May 7, 2020, at 2:48 PM, Bill Cole
<[email protected]> wrote:
> That looks like my ugly hack. I came up with it shortly after the disclosure
> of the "ShellShock" vulnerability.
>
> The reason to do this when replacing a login shell or (most importantly) the
> system shell at /bin/sh is that you do not want either of those to be
> breakable by modification of a shared library installed by MacPorts.
Alternatively, at the time I believe I downloaded the source from Apple,
applied the upstream patch, and replaced the system /bin/sh with the result.
> The primary reason that one should replace /bin/{bash,sh} with a newer
> version on older versions of MacOS X is ShellShock.
People who are running older versions of Mac OS X have chosen not to care about
vulnerabilities - since they're no longer getting security updates from Apple.
While it's maybe possible to patch/replace some of the parts of the system -
there are large closed-source surface areas that you aren't going to be able to
keep updated.
--
Daniel J. Luke