On 26/09/2014 8:47 PM, Gary Gendel wrote:
> The current maintainer says it's been in bash for ~20 years, why it's not in Solaris 10 is a mystery.

It is in Solaris 10.  (And 11.)  The test being used is flawed:

   env X="() { :;} ; echo busted" /bin/sh -c "echo completed"

This just tests whether or not /bin/sh is vulnerable, and on Solaris /bin/sh != /bin/bash (unless your admin is insane and dropped it in place, which can't really be ruled out). On many (most? all?) Linuxes, /bin/sh *is* /bin/bash.

So Solaris and derivatives have the bug, but the attack surface isn't anywhere near as massive as on a Linux distribution. But if someone has written scripts explicitly using /bin/bash, or if you have sudo configurations that don't clean out the environment, you can get bitten.
_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
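
A check that avoids the flaw described in the message above, as an added example that is not part of the original post: it runs the same probe string against each shell binary by explicit path and reports whether that binary is really bash, whatever its file name. The function names and the list of shell paths are assumptions; adjust the list for the host.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the shell
# path list at the bottom are assumptions.

# is_bash PATH -> 0 if the binary behaves as bash, even if installed as "sh".
# BASH_VERSION is blanked in the child environment so that only a real bash,
# which sets the variable itself at startup, reports a non-empty value.
is_bash() {
    BASH_VERSION= "$1" -c '[ -n "$BASH_VERSION" ]' 2>/dev/null
}

# probe_shell PATH -> 0 vulnerable, 1 not vulnerable, 2 missing/not executable.
# Same probe as in the message, aimed at a named binary instead of /bin/sh.
probe_shell() {
    [ -x "$1" ] || return 2
    out=$(env X='() { :;} ; echo busted' "$1" -c 'echo completed' 2>/dev/null) || :
    case $out in
        *busted*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_shells PATH... -> prints one result line per path.
audit_shells() {
    for s in "$@"; do
        probe_shell "$s" && rc=0 || rc=$?
        case $rc in
            0) verdict="VULNERABLE" ;;
            1) verdict="not vulnerable" ;;
            *) verdict="not present" ;;
        esac
        kind="-"
        if [ "$rc" -ne 2 ]; then
            if is_bash "$s"; then kind="bash"; else kind="not bash"; fi
        fi
        printf '%-22s %-10s %s\n' "$s" "$kind" "$verdict"
    done
}

# Candidate locations (assumed); /bin/sh is listed only for comparison.
audit_shells /bin/sh /bin/bash /usr/bin/bash /usr/local/bin/bash
```

A "not vulnerable" line for /bin/sh marked "not bash" says nothing about the bash binaries on the same host; read the lines for the bash paths.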