[Cerowrt-devel] bash exploit heads up

[Dave Taht]

>From fiddling with busybox's ash shell... thus far it *does NOT*
appear vulnerable to this.

http://linux.slashdot.org/story/14/09/24/1638207/remote-exploit-vulnerability-found-in-bash

Simple test:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

shows vulnerable for bash, not sh, on openwrt and cerowrt. That said,
it makes me nervous. I've never really liked the redir.sh method cero
uses to bounce people to the right web interface... suggestions to do
it in javascript or something safer desired.

and I'm aware that several people do run bash on cero, so be aware of
this issue.

-- 
Dave Täht

https://www.bufferbloat.net/projects/make-wifi-fast