Thread: Sailfish OS bash shell is affected by the #shellshock bug
View Single Post
javispedro's Avatar
javispedro is offline javispedro
2014-09-26 , 09:26
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#30
Originally Posted by LadyBug View Post
If someone is curious how shellshock could be used to attack a Sailfish device, this illustrates one attack vector: https://pbs.twimg.com/media/ByZZUzmIIAAuFaR.jpg:large

That is, a malicious DHCP server could attack by sending code in the options field. I haven't verified this with my Jolla, but in theory this could be bad. Think of public WIFI access points...
Jolla doesn't use dhclient; it uses connman's builtin gdhcp client.

EDIT: Again, during "security crazes" please remember to keep your brain turned on. There's a shitton of people (e.g. stackoverflow) who is right now posting "instructions to solve the bash bug" which include absurd things such as replacing your distro's bash with some random online version. Without proper care, that's even more stupid than plainly doing nothing.

This doesn't necessarily apply to nieldk's packages, which I think one can trust (hehe ;P), but please remember to be generally cautious about this.
Last edited by javispedro; 2014-09-26 at 09:31.
 

The Following 7 Users Say Thank You to javispedro For This Useful Post: