maemo.org - Talk

Sailfish OS bash shell is affected by the #shellshock bug (https://talk.maemo.org/showthread.php?t=93922)

Bundyo 2014-09-25 10:34

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by javispedro (Post 1440469)
So how exactly do you plan to exploit this vulnerability on Jolla?

What I would like to see is an upgrade to GPLv3 Bash4, instead of wasting more time on their bash3 fork.

Probably like this, check the Internet Scans section:
http://www.volexity.com/blog/?p=19

javispedro 2014-09-25 10:39

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by Bundyo (Post 1440491)
Probably like this, check the Internet Scans section:
http://www.volexity.com/blog/?p=19

But do you run a webserver on your Jolla? That can run CGI scripts? :)

Bundyo 2014-09-25 10:41

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Not yet :D

nieldk 2014-09-25 10:48

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by javispedro (Post 1440493)
But do you run a webserver on your Jolla? That can run CGI scripts? :)

Ehh, yes ;)

coderus 2014-09-25 11:01

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
@javispedro #paranoiaeverywhere, lol

vincr 2014-09-25 13:04

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Wrong subforum, but what about Maemo and Meego? These OSes are infected with this bug too, aren't they?

nieldk 2014-09-25 13:38

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by coderus (Post 1440484)
anyway, waiting for bash update in nieldk repo :)

Won't have to wait long ;)

Edit: https://openrepos.net/content/nieldk/bash

patchlevel 25, which fixes #shellshock

source (and binaries)
https://build.merproject.org/package...elnielsen/bash

MartinK 2014-09-25 14:49

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by javispedro (Post 1440490)
The JollaStore RPM packages are somewhat safer, but only because they are manually/statically analyzed.

Yeah, but as people are expected to publish compiled binaries, any QAed application can still every April 1 grab all your pictures and post them to Imgur. :) And the store QA has no realistic chance to find out about this beforehand.

Still better than running as root, but there is still a lot of sensitive content accessible to unprivileged accounts & full network access for all apps.

Drekkie 2014-09-25 16:17

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by vincr (Post 1440505)
Wrong subforum, but what about Maemo and Meego? These OSes are infected with this bug too, aren't they?

When I ran the test command on my N9 it showed it was affected. I don't run a web server on it but I would be interested if there is any way to patch the N9 and N900 (haven't tested) once the mainstream patches get sorted.

pichlo 2014-09-25 17:43

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Just tested on my N900 (Bash4).
Code:

~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
~ $

Quote:

Originally Posted by MartinK (Post 1440509)
Still better than running as root

http://imgs.xkcd.com/comics/authorization.png

(Source: http://xkcd.com/1200/)
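
A scriptable form of the test command in the post above, as an added example that is not part of the thread: it probes each bash binary given on the command line and prints the version that binary reports, so the result can be compared before and after installing an updated package. The function names and the marker string are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. MARKER is a constructed string.
MARKER="probe-marker-7f3a"

# probe_bash PATH: prints vulnerable, not_vulnerable or missing.
probe_bash() {
    [ -x "$1" ] || { echo missing; return 0; }
    # Same probe as the posted test: a function definition in an environment
    # variable with a trailing command. An affected bash runs the trailing
    # command while importing x, before it runs the -c script.
    out=$(env x="() { :;}; echo $MARKER" "$1" -c 'echo probe-done' 2>/dev/null) || out=
    case $out in
        *"$MARKER"*)  echo vulnerable ;;
        *probe-done*) echo not_vulnerable ;;
        *)            echo missing ;;      # binary did not run the -c script
    esac
}

# bash_version PATH: major.minor.patchlevel as reported by that binary,
# or "unknown" when the binary is not bash.
bash_version() {
    v=$("$1" -c 'echo "${BASH_VERSINFO[0]}.${BASH_VERSINFO[1]}.${BASH_VERSINFO[2]}"' 2>/dev/null) || v=
    echo "${v:-unknown}"
}

# audit_shells PATH...: one report line per binary; returns 1 if any is vulnerable.
audit_shells() {
    rc=0
    for p in "$@"; do
        state=$(probe_bash "$p")
        if [ "$state" = missing ]; then
            echo "$p: missing"
            continue
        fi
        echo "$p: $state (version $(bash_version "$p"))"
        [ "$state" = vulnerable ] && rc=1
    done
    return $rc
}

# Paths to check are taken from the command line, e.g. /bin/bash
audit_shells "$@"
```

The non-zero exit status when any listed binary is still affected makes the script usable as a post-update check.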


All times are GMT.