passwd -e /bin/emacs ?
> On 25 Sep 2014, at 6:18 pm, Ben Couldrey <[email protected]> wrote: > > We should all be running zsh anyway… (sorry Boyd, had to get in before you > did) > > Ben > >> On 25 Sep 2014, at 6:13 pm, Andrew Watkins <[email protected]> wrote: >> >> >> It will be interesting if Oracle release a bash patch for all Solaris 11 >> versions (11, 11.1 and 11.2). >> Or will the force everyone to go to Solaris 11.2 SRU latest >> >> Andrew >> >>> On 25/09/2014 08:21, McGinley, Ian R wrote: >>> Log an SR asking for it. >>> >>> We’ve got one in the system for tracking internal change management >>> purposes. >>> >>> In the mean time if it’s super dangerous for you, then pkgrm SUNWbash, or >>> at least chmod 000 /bin/bash >>> >>> >>> Ian McGinley >>> Application Technology >>> Consumer and Digital - Online >>> 03 8647 2433 >>> 0457 724 419 >>> >>> From: Tony Payne [mailto:[email protected]] >>> Sent: Thursday, 25 September 2014 11:39 AM >>> To: msosug >>> Subject: [msosug] bash vulnerability in Solaris?. >>> >>> Hi All, >>> >>> I'm sure you've all heard about the bash vulnerability where: >>> *"specially-crafted environment variables can be used to inject shell >>> commands" unearthed by Stephane Chazelas very recently?. >>> >>> Many linux flavors have already released patches and according to the >>> following test (see in full at: https://access.redhat.com/articles/1200223) >>> Solaris 10 at least appears to be vulnerable. >>> >>> ========================= >>> Diagnostic Steps >>> To test if your version of Bash is vulnerable to this issue, run the >>> following command: >>> >>> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" >>> If the output of the above command looks as follows: >>> >>> vulnerable >>> this is a test >>> you are using a vulnerable version of Bash. The patch used to fix this >>> issue ensures that no code is allowed after the end of a Bash function. >>> Thus, if you run the above example with the patched version of Bash, you >>> should get an output similar to: >>> >>> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" >>> bash: warning: x: ignoring function definition attempt >>> bash: error importing function definition for `x' >>> this is a test >>> ========================= >>> >>> >>> Does anyone know if there is, or is planned, a patch for Solaris' bash >>> implementation?. >>> >>> >>> * >>> https://access.redhat.com/security/cve/CVE-2014-6271?sc_cid=70160000000e8eaAAA&; >>> >>> -- >>> Cheers, >>> Tony. >>> \|/ ____ \|/ >>> @~/ ,. \~@ >>> /_( \__/ )_\ >>> +------------------------------\__U_/----------------------------------+ >>> >>> >>> >>> _______________________________________________ >>> msosug mailing list >>> [email protected] >>> http://mexico.purplecow.org/m/listinfo/msosug >> >> >> -- >> Andrew Watkins * Birkbeck, University of London * Computer Science * >> * UKOUG Solaris SIG Co-Chair * >> http://notallmicrosoft.blogspot.com/ >> _______________________________________________ >> msosug mailing list >> [email protected] >> http://mexico.purplecow.org/m/listinfo/msosug > > _______________________________________________ > msosug mailing list > [email protected] > http://mexico.purplecow.org/m/listinfo/msosug
_______________________________________________ msosug mailing list [email protected] http://mexico.purplecow.org/m/listinfo/msosug
