Bundyo 2014-09-25 07:06

Sailfish OS bash shell is affected by the #shellshock bug
 
Pretty nasty this fella, here is more info and a test:

http://prng.net/shellshock/

I also filed a bug report @together, please vote:
https://together.jolla.com/question/...hellshock-bug/

coderus 2014-09-25 07:40

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
fix will be included in upcoming sailfish update, you can be sure ;)

javispedro 2014-09-25 08:18

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
So how exactly do you plan to exploit this vulnerability on Jolla?

What I would like to see is an upgrade to GPLv3 Bash4, instead of wasting more time on their bash3 fork.

LouisDK 2014-09-25 08:23

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by javispedro (Post 1440469)
So how exactly do you plan to exploit this vulnerability on Jolla?

What I would like to see is an upgrade to GPLv3 Bash4, instead of wasting more time on their bash3 fork.

Do they still use Bash3 and why? Are they scared of GPLv3 software like Apple are?

coderus 2014-09-25 08:28

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
@javispedro there should be some internals accepting environment variables.

javispedro 2014-09-25 08:39

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by LouisDK (Post 1440470)
Do they still use Bash3 and why? Are they scared of GPLv3 software like Apple are?

Yes, they use an ancient non-GPLv3 version of Bash. I don't understand why and tbh it's my primary complaint against Jolla.

Quote:

Originally Posted by coderus (Post 1440471)
@javispedro there should be some internals accepting environment variables.

So..? At this moment the only way I can think of to exploit this right now would be a suid binary that goes its way around bash "don't-run-me-suid" protection (e.g. set{e}uid then system). Which would be pretty nasty in itself since there's another 300 ways to attack those. So if you know one of those please report it.

Virtually the only situations where this bug can cause trouble are everywhere where a blacklist/whitelist of environment variables is used to filter out such variables by name only. Because with this bug there are no "safe" env variable names.
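
The point above about name-only filtering, shown as an added example that is not part of the thread or any poster's code: a name allowlist lets a function-shaped value through, while a check on the value catches it. The allowlist names and the sample environment are constructed assumptions; `() {` is the four-character prefix that unpatched bash used to recognise an exported function.

```python
# Unpatched bash treated any variable whose value starts with these four
# characters as an exported function definition and parsed it at startup.
FUNC_PREFIX = "() {"

# Hypothetical name-based allowlist, as a wrapper around a shell might use.
ALLOWED_NAMES = {"PATH", "LANG", "TERM", "HTTP_USER_AGENT"}


def filter_by_name(env):
    """Name-only filter: the approach the post says cannot help here."""
    return {k: v for k, v in env.items() if k in ALLOWED_NAMES}


def looks_like_function(value):
    """True if the value has the shape bash's function importer looked for."""
    return value.startswith(FUNC_PREFIX)


def filter_by_value(env):
    """Apply the name allowlist, then drop function-shaped values.

    Returns (clean_env, rejected_names) so the caller can log rejections.
    """
    clean, rejected = {}, []
    for name, value in filter_by_name(env).items():
        if looks_like_function(value):
            rejected.append(name)
        else:
            clean[name] = value
    return clean, sorted(rejected)


# Constructed sample input: an allowed name carrying a function-shaped value.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "TERM": "xterm",
    "HTTP_USER_AGENT": "() { :; }; echo constructed-marker",
    "LD_PRELOAD": "/tmp/x.so",  # not on the allowlist, dropped by name
}

if __name__ == "__main__":
    by_name = filter_by_name(SAMPLE_ENV)
    clean, rejected = filter_by_value(SAMPLE_ENV)
    print("name-only filter keeps:", sorted(by_name))
    print("value filter keeps:    ", sorted(clean))
    print("rejected for value:    ", rejected)
```

A value check like this is a stopgap for wrappers that must pass variables to a shell; the fix itself is a patched bash.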

nieldk 2014-09-25 09:17

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Well, you are probably right, but this is exploitable on several applications as well. There is a bit more here http://seclists.org/oss-sec/2014/q3/650.

So, applications that expose some of the functionality that is vulnerable (arbitrary environment variables) could be used to get at least shell code execution as current user.

But, that being said, I agree, I don't consider this a huge threat to Jolla/SailfishOS.

javispedro 2014-09-25 09:29

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by nieldk (Post 1440478)
So, applications that expose some of the functionality that is vulnerable (arbitrary environment variables) could be used to get at least shell code execution as current user.

Yes, you defined it the way I see it. So if you could think of _anywhere_ in which this situation happens on a Jolla or even a normal workstation* then there might be a problem. Otherwise this is not exploitable at all.

*No, running sshd alone does not mean you're vulnerable. If on the other hand you were expecting that people ssh'ing would not be able to run arbitrary code you're in for a nasty surprise (e.g. stupid centralized Git servers, sftp-only servers -- shared hosting, etc.)

coderus 2014-09-25 09:32

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
anyway, waiting for bash update in nieldk repo :)

javispedro 2014-09-25 10:25

Re: Sailfish OS bash shell is affected by the #shellshock bug
 
Quote:

Originally Posted by coderus (Post 1440484)
anyway, waiting for bash update in nieldk repo :)

Wow, so you will be installing a random RPM package? Did you know the package could contain an RPM pre/post install script which could:
1) Grab all of your address book contacts,
2) Send compromising SMSs to all of them (plus a few "premium service" SMSs to inflate your bills!),
3) Zip your documents folder and upload to some Chinese WWW server,
4) Then proceed to write randomly over your eMMC _permanently_ bricking the Jolla.

#securityscare ;)

The JollaStore RPM packages are somewhat safer, but only because they are manually/statically analyzed.

Just an example of why I think "security scares" are bad. People tend to misplace their fears...


All times are GMT.