Paul,

I would like to once again suggest that you simply test the version of
bash you have installed. There is no need to worry if you are not at
risk.

Jeff

On Fri, Jan 9, 2015 at 6:49 PM, paul g <pj.world at hotmail.com> wrote:
> Sorry to post again but I guess this post was started by me so whatever:
>
> Ubuntu and other Debian-derived systems that use Dash exclusively are not at
> risk – Dash isn't vulnerable, but busted versions of Bash may well be
> present on the systems anyway. It's essential you check the shell
> interpreters you're using, and any Bash packages you have installed, and
> patch if necessary.
>
> ^above provided by -->
> http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
>
> Maybe I should move onto something else I could spend a week just reading on
> this topic. For a little person such as myself is that even time well spent?
>
> Just a thought.
>
> Thanks,
>
> ________________________________
> From: pj.world at hotmail.com
> To: tclug-list at mn-linux.org
> Date: Fri, 9 Jan 2015 16:47:28 -0600
>
> Subject: Re: [tclug-list] Patch Bash ShellShock exploit with MKSH?
>
> Yeah I appreciate your advice on doing some vulnerability testing on my
> computer also. I have been reading mainly this article I found off the Mint
> forums. -->
> http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
>
> Granted it's an older article but I could understand most of it quite well.
> Down by the reader comments they are apparently commenting on how Debian is:
> /bin/sh -> dash not /bin/sh -> bash
>
> Granted there is way more to this than just that.
>
> Thanks,
>
>> Date: Fri, 9 Jan 2015 16:34:21 -0600
>> From: chapinjeff at gmail.com
>> To: tclug-list at mn-linux.org
>> Subject: Re: [tclug-list] Patch Bash ShellShock exploit with MKSH?
>>
>> You may wish to test if your version of bash is still unpatched. It's
>> highly likely that you don't even need to cobble together a workaround
>> to partially protect yourself. If your version of bash is patched, you
>> don't have to do anything at all.
>>
>> On Fri, Jan 9, 2015 at 4:22 PM, paul g <pj.world at hotmail.com> wrote:
>> > Thanks for the links i've been reading for the last 4 hours. I am a very
>> > slow reader but I believe that at least part of the 'patch' so far at
>> > least
>> > on Mint 17 is:
>> >
>> > lrwxrwxrwx 1 root root 4 Dec 11 23:13 sh -> dash
>> >
>> > See above symlinked sh to dash now not bash.
>> >
>> > Thanks for responding and sending the links over.
>> >
>> >
>> >
>> >> Date: Fri, 9 Jan 2015 02:20:23 -0600
>> >> From: chapinjeff at gmail.com
>> >> To: tclug-list at mn-linux.org
>> >> Subject: Re: [tclug-list] Patch Bash ShellShock exploit with MKSH?
>> >
>> >>
>> >> On Thu, Jan 8, 2015 at 10:44 PM, paul g <pj.world at hotmail.com> wrote:
>> >> > 1. Can I migrate to MKSH shell on my LinuxMint17 computer quite
>> >> > easily?
>> >> http://community.linuxmint.com/software/view/mksh
>> >>
>> >> Looks like it's in the Mint repos, so installing it is fairly easy.
>> >> Since it is related to ksh, and not bash, there will be a little bit
>> >> of a learning curve.
>> >>
>> >>
>> >> >
>> >> > 2. How necessary is this to be concerned about?
>> >>
>> >>
>> >> Not at all. Shellshock has been patched on most major modern OSes
>> >> since October. You can check if you are still on a vulnreble version
>> >> of bash following the directions here:
>> >>
>> >>
>> >>
>> >> http://linuxg.net/canonical-has-patched-bash-agains-the-shellshock-exploit-update-your-ubuntu-14-04-or-ubuntu-12-04-system-now/
>> >>
>> >>
>> >> >
>> >> > Your thoughts are appreciated.
>> >> > Thank you,
>> >> >
>> >> > _______________________________________________
>> >> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> >> > tclug-list at mn-linux.org
>> >> > http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Jeff Chapin
>> >> President, CedarLug, retired
>> >> President, UNIPC, "I'll get around to it"
>> >> President, UNI Scuba Club
>> >> Senator, NISG, retired
>> >> _______________________________________________
>> >> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> >> tclug-list at mn-linux.org
>> >> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>> >
>> > _______________________________________________
>> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> > tclug-list at mn-linux.org
>> > http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>> >
>>
>>
>>
>> --
>> Jeff Chapin
>> President, CedarLug, retired
>> President, UNIPC, "I'll get around to it"
>> President, UNI Scuba Club
>> Senator, NISG, retired
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> tclug-list at mn-linux.org
>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
> _______________________________________________ TCLUG Mailing List -
> Minneapolis/St. Paul, Minnesota tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>



-- 
Jeff Chapin
President, CedarLug, retired
President, UNIPC, "I'll get around to it"
President, UNI Scuba Club
Senator, NISG, retired