<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Sep 25, 2014 at 1:05 AM, B.S. <span dir="ltr"><<a href="mailto:bs27975@yahoo.ca" target="_blank">bs27975@yahoo.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class=""><div class="h5">
<br>
</div></div>Presumably, at the least, a post-update logout/login will be necessary<br>
on each machine, if not an entire reboot. (Care to trust that ALL<br>
scripts run between turn on and user prompt use sh not bash? And that<br>
sh hasn't been inadvertently equivalenced to bash?)<br>
<br>
Given that most of us probably have a command line up (outside of any<br>
GUI too!), and thus in memory. Updating will catch any new instances,<br>
but not those you're already in the middle of.<br>
<br>
I suppose this means rebooting all servers, too. <sigh?><br></blockquote><div><br></div><div>Rebooting is not necessary. The exploit is only possible when invoking bash provided you can set it's environment (for example: By crafting a user-agent for a bash cgi script). Already running bash processes are not exploitable.<br><div><br>cirwin@irwin03:~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"<br>vulnerable<br>this is a test<br>cirwin@irwin03:~ $ sudo yum upgrade bash<br>[...]<br>cirwin@irwin03:~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"<br>bash: warning: x: ignoring function definition attempt<br>bash: error importing function definition for `x'<br>this is a test<br><br></div><div>It makes sense that you don't need to close the terminal. The vulnerability is environment poisoning before invoking
bash -- the test in this thread invokes a new bash process, for example.
So in theory, your running bash sessions were either already exploited,
or effectively safe.<br></div><div><br></div><div>Interestingly, needs-restarting reported no services or processes that should be restarted.<br></div><div><br>cirwin@irwin03:~ $ sudo needs-restarting <br>cirwin@irwin03:~ $ <br><br></div>Although
`lsof` reports my four bash shells, and the ksmtuned service that are
using obsolete bash shells (though again, they can't be exploited once
running) . Not sure why needs-restarting misses that unless there is
some criteria that wasn't met.<br><br>cirwin@irwin03:~ $ sudo lsof | grep DEL | grep bash<br>ksmtuned 707 root DEL REG 0,33 371203 /usr/bin/bash;54241eb1<br>bash 28791 cirwin DEL REG 0,33 371203 /usr/bin/bash;54241eb1<br>bash 28859 cirwin DEL REG 0,33 371203 /usr/bin/bash;54241eb1<br>bash 29091 cirwin DEL REG 0,33 371203 /usr/bin/bash;54241eb1<br>bash 29151 cirwin DEL REG 0,33 371203 /usr/bin/bash;54241eb1<br><br></div></div><br>-- <br><div dir="ltr">Chris Irwin<br><<a href="mailto:chris@chrisirwin.ca" target="_blank">chris@chrisirwin.ca</a>></div>
</div></div>