On Sun, Sep 28, 2014 at 02:24:28PM +0200, rysiek wrote:
Dnia sobota, 27 wrzeĊnia 2014 20:57:13 Troy Benjegerdes pisze:
So every once in awhile I have fits of plausible paranoia, which lead me to second guess the motives of everyone arguing why it's 'so hard' to simplify things by doing something like removing bash from debian.
And that will solve the problem -- how? I am not convinced other shells would be considerably better/safer (I may be wrong here, of course); the problem was (as Travis pointed out) the mind-boggling clusterfsck of cgi-bin. If I were to look for a radical move here, it would be abandoning cgi-bin as a matter of policy.
Well, something like "() { true;}; rm -rf /var/lib/cgi-gin" solves that problem quite nicely. What gets the paranoia going is #!/bin/bash in dhclient-script I'm at least somewhat encouraged by things like systemd and network-manager that appear to be moving away from shell scripts for running the basic system. -- ---------------------------------------------------------------------------- Troy Benjegerdes 'da hozer' hozer@hozed.org 7 elements earth::water::air::fire::mind::spirit::soul grid.coop Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash