bashing your head against nation-state social engineering

Troy Benjegerdes hozer at
Sun Sep 28 08:49:21 PDT 2014

On Sun, Sep 28, 2014 at 02:24:28PM +0200, rysiek wrote:
> On Saturday, 27 September 2014 20:57:13 Troy Benjegerdes wrote:
> > So every once in a while I have fits of plausible paranoia, which lead me to
> > second guess the motives of everyone arguing why it's 'so hard' to simplify
> > things by doing something like removing bash from debian.
> And that will solve the problem -- how? I am not convinced other shells would 
> be considerably better/safer (I may be wrong here, of course); the problem was 
> (as Travis pointed out) the mind-boggling clusterfsck of cgi-bin. If I were to 
> look for a radical move here, it would be abandoning cgi-bin as a matter of 
> policy.

Well, something like "() { true;}; rm -rf /var/lib/cgi-gin" solves that
problem quite nicely.

What gets the paranoia going is #!/bin/bash in dhclient-script

I'm at least somewhat encouraged by things like systemd and network-manager
that appear to be moving away from shell scripts for running the basic system.

Troy Benjegerdes                 'da hozer'                  hozer at
7 elements      earth::water::air::fire::mind::spirit::soul

      Never pick a fight with someone who buys ink by the barrel,
         nor try buy a hacker who makes money by the megahash
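
An added example, not part of the original post: a small audit that lists which scripts under a directory run under bash, the concern raised above about `#!/bin/bash` in dhclient-script. The function names `interp_of` and `bash_scripts` are hypothetical, and the directory to audit is supplied by the caller.

```shell
#!/bin/sh
# Added example: find scripts whose "#!" line selects bash as the interpreter.

# interp_of FILE: print the basename of the interpreter named on FILE's
# first line, or nothing if the file has no "#!" line.
interp_of() (
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\000\r' | LC_ALL=C cut -c1-200)
    case $first in
        '#!'*) ;;
        *) exit 0 ;;
    esac
    set -f                      # no globbing while splitting the line
    set -- ${first#??}          # drop "#!" and split into words
    # "#!/usr/bin/env bash": skip env's options and VAR=value assignments
    # to reach the program it will actually execute.
    case ${1##*/} in
        env)
            shift
            while [ $# -gt 0 ]; do
                case $1 in
                    -*|*=*) shift ;;
                    *) break ;;
                esac
            done ;;
    esac
    if [ $# -gt 0 ]; then printf '%s\n' "${1##*/}"; fi
)

# bash_scripts DIR: print, in sorted order, every regular file under DIR
# whose interpreter is bash.
bash_scripts() {
    find "$1" -type f 2>/dev/null | LC_ALL=C sort | while IFS= read -r f; do
        if [ "$(interp_of "$f")" = bash ]; then printf '%s\n' "$f"; fi
    done
}

# Run as: sh audit.sh DIR
if [ "$#" -gt 0 ]; then bash_scripts "$1"; fi
```

Scripts that name `sh` are not reported even on systems where `sh` is itself bash; check where `/bin/sh` points separately.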
