Vulnerability in Bash Shell widespread and serious

by
in security on (#2SWX)
Upgrade now, if you can. A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems - and, thanks to their ubiquity, the internet at large.

From the Register:
It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers.

The vulnerability is present in Bash up to and including version 4.3, and was discovered by Stephane Chazelas. It puts Apache web servers, in particular, at risk of compromise: CGI scripts that use or invoke Bash in any way - including any child processes spawned by the scripts - are vulnerable to remote-code injection. OpenSSH and some DHCP clients are also affected on machines that use Bash.
Now is also a good time to wipe your servers and reinstall Minix or Plan9 as a precaution. ;)

Re: mksh workalike (Score: 5, Informative)

by eliphas@pipedot.org on 2014-09-25 12:52 (#2SXF)

[...]because bash goes horribly brain-dead when you attempt line-editing on command lines that wrap-around to the next line. Your bash session becomes practically unusable after you hit that limit (which I do, often)[...]
Hate that too. But for you guys that happen to know/use vi (who doesn't :D) navigation with HJKL and commands, like:
3w - to go to third word from current position
dw - to delete word
c4f. - to replace all text from current position to the fourth ". dot" character (try that with other editing mode!), etc...

Put "set editing-mode vi" in /etc/inputrc (a lot of CLI programs use readline and will read that) or "set -o vi" for your current bash shell or bashrc.
VI mode on the command line is bliss, and "set -o vi" is the first thing I put in my .rc files when I first log in on a new server. Bummer that some minimalistic shells like busybox's (only sh there) do not have that :(