Make sure you update linux and ios!

En el artículo , Andy Burns escribió:

Knew that as soon as I saw your name on the post I was replying to :)

We have a few elderly CentOS 5. machines, and I was impressed that the bash update was available for them via yum update without having to go rpm hunting.

En el artículo , Andy Burns escribió:

I saw a couple of reports that BusyBox may be vulnerable, but on my Netgear router:

BusyBox v1.01 (2008.11.28-10:31+0000) Built-in shell (ash) Enter 'help' for a list of built-in commands.

# env X="() { :;} ; echo busted" /bin/sh -c "echo completed" completed #

Starting to think a "rm -f /bin/bash && ln -s /bin/tcsh /bin/bash" on every machine would be a good idea.

:) in case anyone thinks I'm serious!

assuming your system actually uses bash by default rather than dash.

its just appeared on mine.

rm -rf / would be more secure ;-)

dpkg-query -l libc6

The versions are:

4.0 2.3.6.ds1-13etch10+b1 5.0 2.7-18lenny7 6.0 2.11.3-4 7.0 2.13-38+deb7u1

That should give you a rough idea when yours was cut from...

Memory not 100% here... ISTR it being barely usable on NTFS. CPU use excess ive, access was slow, and it gave the USB device very long random string na mes, making it a huge pita to access. I don't remember which ver of centos it was, but over a year ago.

NT

2.13-21 so presumably 7. Thank you.

NT

Also Ubuntu.

And if they don't, they fail the security audit here.

Yes. But an Ubuntu patch arrived this morning, which I assume came from Debian, so that should apply to Mint, also.

Unless you run services accessible from the Internet, you have nothing to worry about anyway.

wget

$(dpkg --print-architecture).deb saved a 1.1M file. But where I haven't a clue. Its frustrating, I knew win98 well, now I know sod all about linux.

NT

Yes. But the chances that it is running bash are very, very small. Most embedded Linux distros run a shell called busybox which isn't vulnerable.

Some knob on one of the Mac groups already suggested this. Seriously. Sigh.

Probably close enough for the bash package to have usable linkages to the libs.

I would advise making a copy of /bin/bash first in case it goes t*ts up.

And run the upgrade from another shell...

The bash package has ldd dependencies, but does not contain any libs, so no need to worry about them.

Bash has lots of idiosyncrasies which will likely cause scripts to break with other shells. OTOH, it should never be used as a scripting language, although it's fine as an interactive shell.

# rm -rf / rm of / is not allowed #

;-)

The main concern for things like routers is access via cgi-bin of their web interface, particularly if the default apache CGI scripts were left in place, and the system's default shell (/bin/sh) is bash.

Care to elaborate?

In article , snipped-for-privacy@care2.com writes

not had that here

it's called a UUID:

Things are much better now. An icon pops up on the desktop, or if you're at the command line, USB devices are mounted on /media. If it has a long UUID mounted under /media, you can just press tab to auto- complete.

In article , snipped-for-privacy@care2.com writes

In the same directory as you ran the wget. Probably your home directory, enter 'cd' on its own to go home.