
Mark Young

Sep 26, 2014, 9:39:09 AM
to beagl...@googlegroups.com

Robert Nelson

Sep 26, 2014, 9:42:41 AM
to Beagle Board
On Fri, Sep 26, 2014 at 8:39 AM, Mark Young <mymou...@gmail.com> wrote:
> The bash flaw is there, does anyone have information on a fix yet?
>
> http://securitywatch.pcmag.com/internet/327769-serious-bash-flaw-lets-attackers-hijack-linux-and-mac-computers
>

It should come down the security repo:

sudo apt-get update
sudo apt-get upgrade

see:
https://packages.qa.debian.org/b/bash.html

Regards,

--
Robert Nelson
http://www.rcn-ee.com/

c...@isbd.net

Sep 27, 2014, 5:48:41 AM
to beagl...@googlegroups.com
Mark Young <mymou...@gmail.com> wrote:
> The bash flaw is there, does anyone have information on a fix yet?
>
> http://securitywatch.pcmag.com/internet/327769-serious-bash-flaw-lets-attackers-hijack-linux-and-mac-computers
>
As already noted the fix is already in the repositories.

However the vulnerability is only a risk to a BBB which has some sort
of access open to the internet. If your BBB is on a LAN behind a NAT
router and you don't have any ports open and redirected to the BBB
then your BBB isn't at risk even if not patched yet.

--
Chris Green

Nuno Sucena Almeida

Sep 27, 2014, 8:48:03 AM
to beagl...@googlegroups.com
On 09/27/2014 05:35 AM, c...@isbd.net wrote:
> If your BBB is on a LAN behind a NAT
> router and you don't have any ports open and redirected to the BBB
> then your BBB isn't at risk even if not patched yet.

Unless the router dhcp daemon gets compromised:

https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/

--

c...@isbd.net

Sep 27, 2014, 10:34:04 AM
to beagl...@googlegroups.com
... and it runs bash, which is unlikely. Anyway, why is the router's
DHCP going to talk to the outside?

--
Chris Green

Mark

Sep 27, 2014, 10:59:10 AM
to beagl...@googlegroups.com
My company has it set up.

Mark




--
Mr Mark F. Young

"We cannot solve our problems with the same
 thinking we used when we created them"
-Einstein

"The Empires of the Future will be the Empires of the mind"
– Winston Churchill

William Hermans

Sep 27, 2014, 11:28:08 AM
to beagl...@googlegroups.com
apt-get update && apt-get upgrade problem solved.


Jesse Cobra

Sep 27, 2014, 12:26:45 PM
to beagl...@googlegroups.com
Doesn't BeagleBoard use busybox bash which doesn't even have the flaw?


Robert Nelson

Sep 27, 2014, 2:17:35 PM
to Beagle Board


On Sep 27, 2014 11:26 AM, "Jesse Cobra" <jesse...@gmail.com> wrote:
>
> Doesn't BeagleBoard use busybox bash which doesn't even have the flaw?

Starting with the BBB rev c, the factory image is based on Debian. Thus we use real bash...

William Hermans

Sep 27, 2014, 9:20:10 PM
to beagl...@googlegroups.com
Not to step on Robert's toes or anything but technically Debian comes with dash configured. Whether or not there is something done after the fact I do not know. As I have pretty much been using my own custom rootfs based on Robert's build instructions since last year. Also I am not sure if what affects bash affects dash too but . . .

However all it takes is one command dpkg-reconfigure dash -> select no and all bets are off.

--

Robert Nelson

Sep 27, 2014, 9:32:58 PM
to Beagle Board
On Sat, Sep 27, 2014 at 8:20 PM, William Hermans <yyr...@gmail.com> wrote:
> Not to step on Robert's toes or anything but technically Debian comes with
> dash configured. Whether or not there is something done after the fact
> I do not know. As I have pretty much been using my own custom rootfs based
> on Robert's build instructions since last year. Also I am not sure if what
> affects bash affects dash too but . . .
>
> However all it takes is one command dpkg-reconfigure dash -> select no and
> all bets are off.

In Debian, bash is still considered "essential", therefore it's always
installed. By default "dash" takes over /bin/sh

There's a todo here:

https://wiki.debian.org/Proposals/RemoveBashFromEssential
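
A local check for the two questions raised in this thread (which shell backs /bin/sh, and whether the installed bash is fixed), as an added example that is not from any poster. The function names, the `probe` variable and the `MARKER` string are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which shell backs /bin/sh and whether the installed
# bash still runs code that trails a function definition in an environment
# variable (the behaviour the update discussed above removes).

# Resolve a path through symlinks; fall back to the path itself.
resolve_shell() {
    readlink -f "$1" 2>/dev/null || echo "$1"
}

# Classify a resolved shell path by its basename.
shell_kind() {
    case "$(basename "$1")" in
        bash)    echo bash ;;
        dash)    echo dash ;;
        busybox) echo busybox ;;
        *)       echo other ;;
    esac
}

# Print "vulnerable", "patched" or "absent" for the bash binary at $1.
bash_status() {
    bash_bin=$1
    [ -x "$bash_bin" ] || { echo absent; return; }
    # Harmless marker only: a fixed bash imports nothing from this
    # variable, so the marker is never echoed.
    out=$(env probe='() { :;}; echo MARKER' "$bash_bin" -c ':' 2>/dev/null) || true
    case "$out" in
        *MARKER*) echo vulnerable ;;
        *)        echo patched ;;
    esac
}

# dash owning /bin/sh does not cover scripts that call bash by name,
# so both facts are reported.
report() {
    sh_path=$(resolve_shell /bin/sh)
    echo "/bin/sh -> $sh_path ($(shell_kind "$sh_path"))"
    echo "/bin/bash: $(bash_status /bin/bash)"
}

report
```

Run it before and after `apt-get upgrade`; a result of `absent` means no bash binary exists at that path.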