Re^3: The importance of avoiding the shell

The shell used by system is actually given by perl -V:sh.

$ perl -V:sh
sh='/bin/sh';
[download]

If you want to find out if that's bash, you can use

$ ls -l /bin/sh
lrwxrwxrwx 1 root root 9 Apr 10 17:08 /bin/sh -> /bin/bash
[download]

Like your code, that only works if and only if /bin/sh is a symlink. A more reliable check is

$ /bin/sh --version
GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu)
...
[download]

Comment on Re^3: The importance of avoiding the shell Select or Download Code

Replies are listed 'Best First'.
Re^4: The importance of avoiding the shell by LanX (Saint) on Sep 29, 2014 at 13:36 UTC
I think in world of multiple forks and vendors the most reliable way is just testing for the exploit itself, like it's done (used to be?) with JS-features in different Browsers. The situation is similar, since alternative shells come as a compatible replacement for bash they try to mimic authentication. I.e. version number or env-vars are not that reliable. For instance does my dash not even support the `--version` option `lanx@nc10-ubuntu:~$ dash --version dash: Illegal option -- lanx@nc10-ubuntu:~$ dash -version dash: Illegal option -r` [download] I already tested for symlink without success, but seems like I had a typo ... Cheers Rolf _{(addicted to the Perl Programming Language and ☆☆☆☆ :)}	[reply] [d/l] [select]
Re^5: The importance of avoiding the shell by ikegami (Patriarch) on Sep 29, 2014 at 13:43 UTC
I think in world of multiple forks and vendors the most reliable way is just testing for the exploit itself, Most definitely. For instance does my dash not even support the --version option Then it's not `bash`.	[reply] [d/l]