Shell shock bash bug - are our routers vulnerable?
Re: Shell shock bash bug - are our routers vulnerable?
29-09-2014 12:12 AM
Quote from: kjpetrie To exploit this flaw a hacker would need the website programmer to pass input direct to a shell, and that's just bad programming.
That may be so but that's exactly how the webservers communicated with the language interpreters. Because things weren't all integrated together, the webserver would set a load of environment variables and call the executable (using the shell) to render the logic for the page.
Message 16 of 18
(258 Views)
Re: Shell shock bash bug - are our routers vulnerable?
01-10-2014 12:19 AM
Hmm. My understanding is that the kernel rather than the shell launches the program, not the interpreter, but the #! line then tells the kernel to launch the interpreter and pass the script to it. Whether a web server would call the kernel function directly or use bash to do so, I don't know. However, it would be very bad practice for a security-conscious application to pass anything derived from outside to the system directly as an environment variable, and I find it hard to believe that would be how it works. However, environment variables are created for the script to receive, and as I now understand it that is the problem, if the script is written in bash as the interpreter to be invoked, and the script therefore uses bash to process its instructions and data.
How many SSI or CGI scripts were written in bash I don't know. I've never done it, always preferring perl, which I found easier to understand (bash has a unique syntax I've always struggled to grasp, so I prefer C-like languages such as perl, javascript or php), but I suppose some might use bash.
Message 17 of 18
(258 Views)
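The mechanism the two posts above discuss, as an added example that is not part of the thread or any poster's code: under CGI (RFC 3875) request headers reach the handler as `HTTP_*` environment variables even when the server starts it with no shell, so what matters is whether the script's `#!` line hands it to bash. The function names, the sample request and the script file names are assumptions constructed for illustration.

```python
import os
import subprocess
import sys
import tempfile

def cgi_environ(method, script_name, headers):
    """Build CGI/1.1 meta-variables (RFC 3875) for one request."""
    env = {"GATEWAY_INTERFACE": "CGI/1.1", "REQUEST_METHOD": method, "SCRIPT_NAME": script_name}
    for name, value in headers.items():
        # Request headers become HTTP_<NAME>; the value is whatever the client sent.
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env

def run_handler(argv, cgi_env):
    """Start a handler with no shell in between (fork + execve on argv)."""
    env = {**os.environ, **cgi_env}  # os.environ merged only so the demo child starts anywhere
    done = subprocess.run(argv, env=env, capture_output=True, text=True, check=True)
    return done.stdout.strip()

def shebang_interpreter(path):
    """Return the program the kernel would exec for this script's #! line, or None."""
    with open(path, "rb") as fh:
        line = fh.readline(256)
    if not line.startswith(b"#!"):
        return None
    words = line[2:].decode("utf-8", "replace").split()
    if words and os.path.basename(words[0]) == "env":  # e.g. "#!/usr/bin/env bash"
        words = [w for w in words[1:] if not w.startswith("-")]
    return words[0] if words else None

def runs_under_bash(path):
    """True if the #! line names bash, or a path such as /bin/sh that resolves to bash."""
    interp = shebang_interpreter(path) or ""
    target = os.path.realpath(interp) if os.path.isabs(interp) else interp
    return os.path.basename(target) == "bash"

def audit_cgi_dir(directory):
    """Map each file in a cgi-bin style directory to whether bash would interpret it."""
    paths = (os.path.join(directory, n) for n in sorted(os.listdir(directory)))
    return {os.path.basename(p): runs_under_bash(p) for p in paths if os.path.isfile(p)}

if __name__ == "__main__":
    env = cgi_environ("GET", "/cgi-bin/status", {"User-Agent": "constructed-client/1.0"})
    print(run_handler([sys.executable, "-c", "import os; print(os.environ['HTTP_USER_AGENT'])"], env))
    with tempfile.TemporaryDirectory() as d:  # constructed scripts, parsed only, never executed
        for name, bang in (("status.sh", "#!/bin/bash"), ("form.pl", "#!/usr/bin/perl")):
            with open(os.path.join(d, name), "w") as fh:
                fh.write(bang + "\n")
        print(audit_cgi_dir(d))
```

Files that `audit_cgi_dir` flags as `True` are the ones to check against the installed bash version first.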
Re: Shell shock bash bug - are our routers vulnerable?
01-10-2014 9:23 AM
Quote from: krumike Despite being glad my plusnet router is not vulnerable, given the global news coverage of this extraordinary vulnerability I am shocked that this is not offered a fuller explanation and given more prominence in an easier to find location. Surely Plusnet customers deserve to know that they are safe from this vulnerability.
But it doesn't affect PN provided equipment? How many of the other vulnerabilities in products they don't provide would you like them to comment on?!
I'm so swamped in vague PR messages about it anyway the last thing I need is another one.
Message 18 of 18
(258 Views)