Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Even if you use popen() or system() in your application, Debian/Ubuntu machines are not affected. These distributions don't use bash for /bin/sh. `dash`(Debian ash) is used instead.

Good work, Debian!



Depends on which Debian version you're running:

"Up to DebianLenny, the default /bin/sh shell was bash. Starting with DebianSqueeze, the default shell will be dash (see DashAsBinSh)."

[https://wiki.debian.org/Shell]

I think the safest thing here is to update no matter what shell your system is using. There is a multitude of vectors on how to attack a vulnerable machine if it has Bash installed on it.


Debian has lots of Bash scripts in /usr/bin. Make sure you aren't indirectly using any of them. Or just patch Bash.


Yeah, that's an important point to stress:

Whether you have been vulnerable to this bug or not is important -- for the decision to wipe and reinstall.

It's not important for the decision to patch, which should be done everywhere possible.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: