[Cerowrt-devel] bash exploit heads up

Toke Høiland-Jørgensen toke at toke.dk
Wed Sep 24 17:51:59 EDT 2014


Dave Taht <dave.taht at gmail.com> writes:

> shows vulnerable for bash, not sh, on openwrt and cerowrt. That said,
> it makes me nervous. I've never really liked the redir.sh method cero
> uses to bounce people to the right web interface... suggestions to do
> it in javascript or something safer desired.

Doesn't the value of $SERVER_NAME come from the (static) lighttpd
configuration? In that case, redir.sh can be replaced with a static HTML
page.

If not, it's probably doable in the lighttpd configuration if a suitable
redirect/rewrite module is available. I forget the syntax, though,
haven't used lighttpd in ages; I'm sure Google knows, though.

-Toke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 472 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140924/2f5d5bb5/attachment.sig>


More information about the Cerowrt-devel mailing list