Bash, unless bash has a security vulnerability, isn't the problem. The problem is poor passwords, local vulnerabilities on the system that haven't been patched (i.e.: kernel memory exploits), and general ignorance on the part of administrators. Now, I've been guilty of not patching local holes on my machines - but one aspect of security that I've never skimped on was ensuring that remote access was locked down as tightly as possible.
Because I tend to travel a lot, it's not really possible for me to limit incoming SSH access to specific IPs, so instead I ensure that only a specific user (with a complicated password, changed regularly) can log in. If a hacker was to try to break into my system, they should have a difficult time gaining access, short of an 0day on SSH.

Oh, and I use zsh ;)

Joe

> You know, this makes me think that the default shell for secure
> systems should be some other restricted shell than bash. I'm
> surprised distros don't implement this automatically, making root
> explicitly change the shell as needed.
