Re^4: The importance of avoiding the shell


Welcome to the Monastery
	PerlMonks

Re^4: The importance of avoiding the shell

by LanX (Saint)

on Sep 29, 2014 at 13:36 UTC ( [id://1102357]=note: print w/replies, xml )

Need Help??

in reply to Re^3: The importance of avoiding the shell
in thread The importance of avoiding the shell

I think in world of multiple forks and vendors the most reliable way is just testing for the exploit itself, like it's done (used to be?) with JS-features in different Browsers.

The situation is similar, since alternative shells come as a compatible replacement for bash they try to mimic authentication. I.e. version number or env-vars are not that reliable.

For instance does my dash not even support the --version option

lanx@nc10-ubuntu:~$ dash --version
dash: Illegal option --
lanx@nc10-ubuntu:~$ dash -version
dash: Illegal option -r
[download]

I already tested for symlink without success, but seems like I had a typo ...

Cheers Rolf

_{(addicted to the Perl Programming Language and ☆☆☆☆ :)}

Comment on Re^4: The importance of avoiding the shell Select or Download Code

Replies are listed 'Best First'.
Re^5: The importance of avoiding the shell by ikegami (Patriarch) on Sep 29, 2014 at 13:43 UTC
I think in world of multiple forks and vendors the most reliable way is just testing for the exploit itself, Most definitely. For instance does my dash not even support the --version option Then it's not `bash`.	[reply] [d/l]

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://1102357]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others imbibing at the Monastery: (5)

As of 2024-04-25 07:14 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found