-   -   Sailfish OS bash shell is affected by the #shellshock bug (https://talk.maemo.org/showthread.php?t=93922)

szopin 2014-09-25 19:21

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by pichlo (Post 1440542)
Just tested on my N900 (Bash4).
Code:

~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
~ $


So just uninstall bash, busybox with sh is safe

Probably more worrying for n900 is the apt-get vulnerability (do you apt-get upgrade vulnerable apt-get to get safe apt-get???), didn't see a thread about it:
https://lists.debian.org/debian-secu.../msg00212.html
https://lists.debian.org/debian-secu.../msg00216.html
https://lists.debian.org/debian-secu.../msg00219.html

szopin 2014-09-25 19:33

Quote:

Originally Posted by coderus (Post 1440464)
fix will be included in upcoming sailfish update, you can be sure ;)

Wouldn't bet too much money on that. Original patch had some issues (rather quickly someone came up with an example of how to still exploit it, though supposedly less severely), most opinions are that there will be a few patches as people come up with more examples. At least some patch I hope will be delivered.

Bundyo 2014-09-25 19:51

https://together.jolla.com/question/...#post-id-56855

This is the official answer, the thread was closed :)

Oh, some gory details on the first 0day exploit malware (botnet it seems):
http://www.kernelmode.info/forum/vie...&t=3505#p23987

javispedro 2014-09-25 20:05

Quote:

Originally Posted by vincr (Post 1440505)
Wrong subforum, but what about Maemo and Meego? These OSes are infected with this bug too, aren't they?

Since no Maemo originally shipped bash, you can be certainly sure no script is using it (unless you replaced /bin/sh with bash but I know for sure that didn't work on Fremantle). So it's also not exploitable.

szopin 2014-09-25 21:03

developing: http://seclists.org/oss-sec/2014/q3/712

vincr 2014-09-25 21:59

Quote:

Originally Posted by javispedro (Post 1440565)
Since no Maemo originally shipped bash, you can be certainly sure no script is using it (unless you replaced /bin/sh with bash but I know for sure that didn't work on Fremantle). So it's also not exploitable.

I have bash on my N9 and it's vulnerable.. hope to see some patched bash in openrepos. Just to be sure it's safe. :rolleyes:

LadyBug 2014-09-26 07:20

If someone is curious how shellshock could be used to attack a Sailfish device, this illustrates one attack vector: https://pbs.twimg.com/media/ByZZUzmIIAAuFaR.jpg:large

That is, a malicious DHCP server could attack by sending code in the options field. I haven't verified this with my Jolla, but in theory this could be bad. Think of public WIFI access points...
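
Added example, not written by any poster in this thread: a POSIX sh check that combines the probe pichlo posted, javispedro's question of what /bin/sh really is on the device, and a scan for the function-definition prefix in values such as the DHCP options described above. Function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: names below are hypothetical, sample data is constructed.

# Run the probe quoted in the thread against one shell binary.
# Prints: absent | vulnerable | not-vulnerable
# Passing only rules out the original bug, not later bypasses.
shellshock_probe() {
    shell=$1
    [ -x "$shell" ] || { echo absent; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$shell" -c 'echo this is a test' 2>/dev/null) || true
    case $out in
        *vulnerable*) echo vulnerable ;;
        *)            echo not-vulnerable ;;
    esac
}

# Name of the binary that really runs for "#!/bin/sh" (busybox, dash, bash...).
sh_provider() {
    path=${1:-/bin/sh}
    target=$(readlink -f "$path" 2>/dev/null) || target=$path
    basename "$target"
}

# Read NAME=VALUE lines on stdin; print names whose value begins with "() {",
# the prefix an unpatched bash imports as a function definition.
flag_funcdef_values() {
    while IFS= read -r line; do
        case ${line#*=} in
            '() {'*) echo "${line%%=*}" ;;
        esac
    done
}

report() {
    echo "/bin/sh is provided by: $(sh_provider /bin/sh)"
    for s in /bin/bash /usr/bin/bash /bin/sh; do
        echo "$s: $(shellshock_probe "$s")"
    done
    # Constructed sample of values a network hook script might receive.
    printf '%s\n' 'opt_domain=example.lan' 'opt_hostname=() { :;}; echo vulnerable' |
        flag_funcdef_values | sed 's/^/suspicious value in: /'
}

report
```

A "not-vulnerable" result for bash together with a non-bash /bin/sh matches the situation javispedro describes; a flagged value is worth logging even on a patched system.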

Manatus 2014-09-26 08:17

Quote:

Originally Posted by vincr (Post 1440583)
I have bash on my N9 and it's vulnerable.. hope to see some patched bash in openrepos. Just to be sure it's safe. :rolleyes:

For the time being you can 'apt-get remove' bash. Of course depending on what software you run; on my N9 Schturman's N9 QTweak was the only application using it. N9 QTweak reinstalls bash during the application launch, though.

nieldk 2014-09-26 08:25

Quote:

Originally Posted by LadyBug (Post 1440616)
If someone is curious how shellshock could be used to attack a Sailfish device, this illustrates one attack vector: https://pbs.twimg.com/media/ByZZUzmIIAAuFaR.jpg:large

That is, a malicious DHCP server could attack by sending code in the options field. I haven't verified this with my Jolla, but in theory this could be bad. Think of public WIFI access points...

Nice one!

Feel free to test that with my bash ;)
http://talk.maemo.org/showpost.php?p...6&postcount=17

javispedro 2014-09-26 09:26

Quote:

Originally Posted by LadyBug (Post 1440616)
If someone is curious how shellshock could be used to attack a Sailfish device, this illustrates one attack vector: https://pbs.twimg.com/media/ByZZUzmIIAAuFaR.jpg:large

That is, a malicious DHCP server could attack by sending code in the options field. I haven't verified this with my Jolla, but in theory this could be bad. Think of public WIFI access points...

Jolla doesn't use dhclient; it uses connman's builtin gdhcp client.

EDIT: Again, during "security crazes" please remember to keep your brain turned on. There's a shitton of people (e.g. stackoverflow) who are right now posting "instructions to solve the bash bug" which include absurd things such as replacing your distro's bash with some random online version. Without proper care, that's even more stupid than plainly doing nothing.

This doesn't necessarily apply to nieldk's packages, which I think one can trust (hehe ;P), but please remember to be generally cautious about this.

