Sunday, September 28, 2014

(Tech) Shellshock Resistant BASH!

No, the title isn't some special move by some anime or videogame character. Anyone who uses GNU/Linux, Unix or Mac may have read about this already. Basically the command shell used by these OSes (usually BASH, or the Bourne Again SHell) has a bug that allows code to be executed before the actual script is called.

A simple way to find out if your computer's BASH got shellshocked.

As simple way to ind out if your command shell is affected is by running the code below:

 env x='() { :;}; echo vulnerable to shellshock' bash -c 'echo Nope. Not today.'

If you're safe, you'd only see the prompt respond with "Nope. Not today."

However, if you see it respond "vulnerable to shellshock" it basically executed code that it wasn't supposed to execute. Your shell has the bug and you're vulnerable.

You're recommended to update and patch your BASH shell to correct this. Chances are, the people that support the OS you're using have already rolled out an update that addresses this bug.

To read more on shellshock, I'd recommend this simple article from engadget.


And no, you don't have to be a geek to address this either.


My thanks to Engadget for the shellshock information: www.engadget.com/2014/09/25/what-is-the-shellshock/

No comments:

Post a Comment