by quesera 4288 days ago
Or "I don't run UNIXes that default to bash, or hide it under /bin/sh, etc."

Unfortunately, bash shows up in surprising places, including default Solaris installs nowadays.

On OSX and Solaris, I've chmod'ed 0000 /bin/bash with no apparent ill effect so far. I'll put more effort into establishing its acceptability as a solution tomorrow.

BSDs won't have bash unless someone has gone out of their way to install it, which can be undone straightforwardly.

But it could be a long night for our Linux brethren and sistren.

Good luck, and remember to stay hydrated. :)

EDIT: obviously, don't chmod 0000 your login shell! Fix that first. Make sure whatever you switch to isn't a symbolic or hard link to bash.

1 comments

> On OSX and Solaris, I've chmod'ed 0000 /bin/bash with no apparent ill effect so far.

In the case of OSX, /bin/sh is also bash. For some reason they are separate binaries (at least on my laptop running 10.9.5) but they're both really bash inside:

    $ ls -ld /bin/sh /bin/bash
    -r-xr-xr-x  1 root  wheel  1228240 Sep 21 21:37 /bin/bash
    -r-xr-xr-x  1 root  wheel  1228304 Sep 21 21:37 /bin/sh
    $ /bin/sh --version
    GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
    Copyright (C) 2007 Free Software Foundation, Inc.
    $ /bin/bash --version
    GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
    Copyright (C) 2007 Free Software Foundation, Inc.

So even if you chmod bash to 0 you could still be exposed by anything that uses /bin/sh -- system(), popen(), most shell scripts, etc.

(ETA: as I've mentioned elsewhere in this thread, most people running OSX probably aren't badly impacted since they're not running CGI-based web software or other high-risk activity. I'm just pointing out that your bash-ectomy of OSX isn't as complete as you think it was.)

Yikes, yes. Thanks for pointing that out!

There might be more of an impact than expected on OSX, too -- no telling what Apple does with their system services.

We've seen mention of dhcp-client and CUPS. The latter, at least, could also be an issue on OSX.
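
A check for the two cases raised in this thread (a replacement shell that is a symbolic or hard link to bash, and a /bin/sh that is a separate binary but still bash inside), added here as an example that is not from any commenter. The function names, the constructed sample tree and the banner-string heuristic are assumptions of the example.

```shell
#!/bin/sh
# Added example: classify a shell path relative to a reference bash binary.
# Prints one of: missing | same-file | bash-copy | unreadable | not-bash
classify_shell() {
    candidate=$1
    reference=${2:-/bin/bash}
    [ -e "$candidate" ] || { echo missing; return 0; }
    # -ef: both names resolve to the same device and inode, which holds
    # for a symbolic link and for a hard link to the reference.
    if [ -e "$reference" ] && [ "$candidate" -ef "$reference" ]; then
        echo same-file; return 0
    fi
    [ -r "$candidate" ] || { echo unreadable; return 0; }
    # Separate binary, as with /bin/sh on OS X in the thread: look for
    # bash's version banner in the file instead of executing it (heuristic).
    if LC_ALL=C grep -a -q 'GNU bash, version' "$candidate"; then
        echo bash-copy
    else
        echo not-bash
    fi
}

# Build a constructed sample tree (placeholder files, not real shells).
make_sample() {
    dir=$(mktemp -d) || return 1
    printf 'stub GNU bash, version %%s (%%s)\n' > "$dir/bash"
    printf 'stub pad GNU bash, version %%s (%%s)\n' > "$dir/sh"  # separate copy
    ln "$dir/bash" "$dir/rbash"                                   # hard link
    ln -s bash "$dir/mysh"                                        # symbolic link
    printf 'stub some other shell\n' > "$dir/dash"
    echo "$dir"
}

sample=$(make_sample)
for name in bash sh rbash mysh dash zsh; do
    printf '%-6s %s\n' "$name" "$(classify_shell "$sample/$name" "$sample/bash")"
done
rm -rf "$sample"
```

On a real system, call `classify_shell /bin/sh` and the same for each login shell in use; the identity test still works after the reference has been chmod'ed to 0000, because it only compares device and inode.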