Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: 'Shell Shock' vulnerability in Bourne shell
Special Forums Cybersecurity 'Shell Shock' vulnerability in Bourne shell Post 302918948 by cjcox on Friday 26th of September 2014 10:23:35 AM
Old 09-26-2014
You can apply the incomplete patches today and wait for the complete patch when available.

If that's not doable, make sure you use something other than bash (e.g. ksh, dash, ash, etc) for the shell on anything exposed or indirectly exposed. The flaw is huge and very exploitable from a remote host especially for web based stuff. And there are very popular *panels* (hint) that have such exposures.

For all of you that think all scripts should be written in unportable bash... maybe that wasn't the greatest strategy eh?? Bourne shell for the win!
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Bourne Shell and Arrays

Hi everyone, first post here so please be gentle :-) I normally likle to script in Bourne Shell simply for guarenteed compatibility across any system I might run across but this latest problem has me stumped. Arrays is a rather significant construct missing from sh and after finding a way to... (2 Replies)
Discussion started by: Unbeliever
2 Replies

2. UNIX for Dummies Questions & Answers

Bourne-again shell

Hi guys !! well i'm still new in learning UNIX , and actually i'm still studying it by myself .. anyway, some people told me the Bourne-again shell is a good version of UNIX to work on , and i tried to download yesterday but i didn't know how to start it ...... the ReadMe file associated with... (3 Replies)
Discussion started by: mrsamer
3 Replies

3. UNIX for Dummies Questions & Answers

bourne shell or korn shell?

Hi, I have a script that uses "nohup" command to execute a korn shell script. Which one is the correct shell to use bourne shell or korn shell to execute a korn shell? and why? Thanks in advanced. (2 Replies)
Discussion started by: XZOR
2 Replies

4. Shell Programming and Scripting

C shell & Bourne Shell

Hi Guys, My first post and simple one at that .. Really rusty with this shell scripting..\ I have a script called .. j.sh I am calling > j.sh LOG_PATH $BLMBRGDATA/blmbrg.properties where j.sh is grep $1 $2 | cut -d',' -f2 . $BLMBRGDATA is set to a directory path. why do i get :- $... (3 Replies)
Discussion started by: jsm66
3 Replies

5. Shell Programming and Scripting

I need to understand the differences between the bash shell and the Bourne shell

I do not claim to be an expert, but I have done things with scripts that whole teams of folks have said can not be done. Of course they should have said we do not have the intestinal fortitude to git-r-done. I have been using UNIX actually HPUX since 1992. Unfortunately my old computer died and... (7 Replies)
Discussion started by: awk_sed_hello
7 Replies

6. Shell Programming and Scripting

How to activate Korn Shell functionnalities in Bourne Shell

Hi All I have writing a Korn Shell script to execute it on many of our servers. But some servers don't have Korn Shell installed, they use Borne Shell. Some operations like calculation don't work : cat ${file1} | tail -$((${num1}-${num2})) > ${file2} Is it possible to activate Korn Shell... (3 Replies)
Discussion started by: madmat
3 Replies

7. Shell Programming and Scripting

Is there any command in the Bourne shell?

Hi, The problem I have is that I want to create a list of folders whose names are read from a text file but the file names are in decimal. Each letter consists of an octet and the end of the folder name is defined by the white space character (0032) For example, we have in the text... (2 Replies)
Discussion started by: Gengis-Kahn
2 Replies

8. Shell Programming and Scripting

help with bourne shell script

Attempting to write a script to eventually notify me via email for when there is packetloss across the backbone. I am looking for values greater than 0% in the mtr field. #!/bin/sh target=www.google.com date +"%D"_"%T" >> /home/rich/mtr.log echo "----------------------------------------" >>... (1 Reply)
Discussion started by: closedown
1 Replies

9. Shell Programming and Scripting

Bourne/C shell help

Exercise Five Write a Bourne shell script which: • Professionalism: plan for this from the start. • Has one command line argument. • If the command line argument is a directory then the script should output the number of files in the directory. • If the command line argument is an ordinary... (2 Replies)
Discussion started by: moesom
2 Replies

10. Shell Programming and Scripting

Bourne shell & Korn shell

Could some one tell me the difference btw Bourne shell and the Kshell? Which is more flexible and reliable in terms of portability and efficiency. When i type the following command .. $ echo $SHELL yields me /bin/sh Does this tells me that I am in Bourne shell. If yes, how can i get... (6 Replies)
Discussion started by: bobby1015
6 Replies

LEARN ABOUT DEBIAN

sysprofile

SYSPROFILE(8)						      System Manager's Manual						     SYSPROFILE(8)

NAME

       sysprofile - modular centralized shell configuration

DESCRIPTION

       sysprofile is a generic approach to configure shell settings in a modular and centralized way mostly aimed at avoiding work for lazy sysad-
       mins.  It has only been tested to work with the bash shell.

       It basically consists of the small /etc/sysprofile shell script which invokes other small shell scripts having a  .bash	suffix	which  are
       contained  in  the  /etc/sysprofile.d/  directory.   The system administrator can drop in any script he wants without any naming convention
       other than that the scripts need to have a .bash suffix to enable automagic sourcing by /etc/sysprofile.

       This mechanism is set up by inserting a small shell routine into /etc/profile for login	shells	and  optionally  into  /etc/bashrc  and/or
       /etc/bash.bashrc for non-login shells from where the actual /etc/sysprofile script is invoked:

	   if [ -f /etc/sysprofile ]; then
		   . /etc/sysprofile
	   fi

       For  using  "sysprofile"  under X11, one can source it in a similar way from /etc/X11/Xsession or your X display manager's Xsession file to
       provide the same shell environment as under the console in X11.	See the example files in /usr/share/doc/sysprofile/ for illustration.

       For usage of terminal emulators with a non-login bash shell under X11, take care to enable sysprofile via  /etc/bash.bashrc.   If  not  set
       this way, your terminal emulators won't come up with the environment defined by the scripts in /etc/sysprofile.d/.

       Users  not  wanting /etc/sysprofile to be sourced for their environment can easily disable it's automatic mechanism.  It can be disabled by
       simply creating an empty file called $HOME/.nosysprofile in the user's home directory using e.g. the touch(1) command.

       Any single configuration file in /etc/sysprofile.d/ can be overridden by any user by  creating  a  private  $HOME/.sysprofile.d/  directory
       which  may  contain  a  user's  own version of any configuration file to be sourced instead of the system default.  It's names have just to
       match exactly the system's default /etc/sysprofile.d/ configuration files.  Empty versions of these files contained in  the  $HOME/.syspro-
       file.d/ directory automatically disable sourcing of the system wide version.

       Naturally, users can add and include their own private script inventions to be automagically executed by /etc/sysprofile at login time.

OPTIONS

       There are no options other than those dictated by shell conventions.  Anything is defined within the configuration scripts themselves.

SEE ALSO

       The  README  files  and	configuration  examples contained in /etc/sysprofile.d/ and the manual pages bash(1), xdm(1x), xdm.options(5), and
       wdm(1x).  Recommended further reading is everything related with shell programming.

       If you need a similar mechanism for executing code at logout time check out the related package syslogout(8) which is a very close  compan-
       ion to sysprofile.

BUGS

       sysprofile  in its current form is mainly restricted to bash(1) syntax.	In fact it is actually	a rather embarrassing quick and dirty hack
       than anything else - but it works.  It  serves the practical need to enable  a  centralized  bash  configuration   until  something  better
       becomes available.  Your constructive criticism in making  this	into something better" is very welcome.  Before i forget to mention it: we
       take patches... ;-)

AUTHOR

       sysprofile was developed by Paul Seelig <pseelig@debian.org> specifically for the Debian GNU/Linux system.  Feel free to port it to and use
       it anywhere else under the conditions of either the GNU public license or the BSD license or both.  Better yet, please help to make it into
       something more worthwhile than it currently is.

																     SYSPROFILE(8)
All times are GMT -4. The time now is 10:06 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy