From: Dave Taht
To: "cerowrt-devel@lists.bufferbloat.net"
Date: Wed, 24 Sep 2014 14:45:22 -0700
Subject: [Cerowrt-devel] bash exploit heads up

From fiddling with busybox's ash shell... thus far it *does NOT* appear
vulnerable to this.
http://linux.slashdot.org/story/14/09/24/1638207/remote-exploit-vulnerability-found-in-bash

Simple test:

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

shows vulnerable for bash, not sh, on openwrt and cerowrt.

That said, it makes me nervous. I've never really liked the redir.sh
method cero uses to bounce people to the right web interface...
suggestions to do it in javascript or something safer desired.

And I'm aware that several people do run bash on cero, so be aware of
this issue.

-- 
Dave Täht

https://www.bufferbloat.net/projects/make-wifi-fast
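
The test from the message, generalized to every shell listed on the system instead of bash alone, as an added example that is not part of the original post. The function names, the use of /etc/shells, and the "name ends in sh" filter are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original message): run the message's env test
# against every candidate shell on the box, not just bash.

# probe_shell PATH -> prints one of: vulnerable | ok | missing | error
probe_shell() {
    [ -x "$1" ] || { echo missing; return 0; }
    # Same probe as in the message: a function definition in variable x,
    # followed by a command that only an affected shell will execute.
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' \
          </dev/null 2>/dev/null) || true
    case $out in
        *vulnerable*)       echo vulnerable ;;
        *"this is a test"*) echo ok ;;
        *)                  echo error ;;
    esac
}

# list_shells [FILE] -> candidate paths, one per line, de-duplicated.
# Assumption: only entries whose name ends in "sh" are shells worth probing.
list_shells() {
    {
        echo /bin/sh
        echo /bin/bash
        if [ -r "${1:-/etc/shells}" ]; then
            grep '^/.*sh$' "${1:-/etc/shells}" || true
        fi
    } | sort -u
}

# audit_shells [FILE] -> report per shell; returns 1 if any is vulnerable.
audit_shells() {
    rc=0
    for s in $(list_shells "$@"); do
        result=$(probe_shell "$s")
        printf '%-10s %s\n' "$result" "$s"
        if [ "$result" = vulnerable ]; then rc=1; fi
    done
    return "$rc"
}

audit_shells || echo "at least one shell runs code from the environment"
```

A non-zero return from audit_shells makes it usable as a gate in an image build or a post-upgrade check.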