From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <esj@eggo.org>
Received: from z.eggo.org (z.eggo.org [80.235.105.138])
	by huchra.bufferbloat.net (Postfix) with ESMTP id 9208C21F20A
	for <cerowrt-devel@lists.bufferbloat.net>;
	Wed, 24 Sep 2014 14:55:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by z.eggo.org (Postfix) with ESMTP id D4D163C377F
	for <cerowrt-devel@lists.bufferbloat.net>;
	Thu, 25 Sep 2014 00:55:08 +0300 (EEST)
Received: from z.eggo.org ([127.0.0.1])
	by localhost (z.eggo.org [127.0.0.1]) (amavisd-new, port 10032)
	with ESMTP id ZfiAha18zITX for <cerowrt-devel@lists.bufferbloat.net>;
	Thu, 25 Sep 2014 00:55:03 +0300 (EEST)
Received: from localhost (localhost [127.0.0.1])
	by z.eggo.org (Postfix) with ESMTP id EA7583C36F3
	for <cerowrt-devel@lists.bufferbloat.net>;
	Thu, 25 Sep 2014 00:55:02 +0300 (EEST)
X-Virus-Scanned: amavisd-new at harvee.org
Received: from z.eggo.org ([127.0.0.1])
	by localhost (z.eggo.org [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id sNPLS0pulDrH for <cerowrt-devel@lists.bufferbloat.net>;
	Thu, 25 Sep 2014 00:55:02 +0300 (EEST)
Received: from [10.43.6.113] (173-14-129-9-NewEngland.hfc.comcastbusiness.net
	[173.14.129.9]) by z.eggo.org (Postfix) with ESMTPSA id 83AE13C3342
	for <cerowrt-devel@lists.bufferbloat.net>;
	Thu, 25 Sep 2014 00:55:02 +0300 (EEST)
Message-ID: <54233DB3.4020602@eggo.org>
Date: Wed, 24 Sep 2014 17:54:59 -0400
From: "Eric S. Johansson" <esj@eggo.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
	rv:31.0) Gecko/20100101 Thunderbird/31.1.1
MIME-Version: 1.0
To: cerowrt-devel@lists.bufferbloat.net
References: <CAA93jw6ssG9624d+HrZuVwdE00r5=qNSv0va3dQweUJLbqjthw@mail.gmail.com>
In-Reply-To: <CAA93jw6ssG9624d+HrZuVwdE00r5=qNSv0va3dQweUJLbqjthw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Cerowrt-devel] bash exploit heads up
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Wed, 24 Sep 2014 21:55:40 -0000


On 9/24/2014 5:45 PM, Dave Taht wrote:
> shows vulnerable for bash, not sh, on openwrt and cerowrt. That said,
> it makes me nervous. I've never really liked the redir.sh method cero
> uses to bounce people to the right web interface... suggestions to do
> it in javascript or something safer desired.
>

http://www.w3.org/QA/Tips/reback

I'll take a look in the next couple of days if no one beats me to it.