Login shell

Daniel J. Luke dluke at geeklair.net
Thu May 7 19:01:40 UTC 2020

On May 7, 2020, at 2:48 PM, Bill Cole <macportsusers-20171215 at billmail.scconsult.com> wrote:
> That looks like my ugly hack. I came up with it shortly after the disclosure of the "ShellShock" vulnerability.
> The reason to do this when replacing a login shell or (most importantly) the system shell at /bin/sh is that you do not want either of those to be breakable by modification of a shared library installed by MacPorts.

alternatively, at the time I believe I downloaded the source from Apple, applied the upstream patch, and replaced the system /bin/sh with the result.

> The primary reason that one should replace /bin/{bash,sh} with a newer version on older versions of MacOS X is ShellShock.

People who are running older versions of Mac OS X have chosen not to care about vulnerabilities - since they're no longer getting security updates from Apple. While it's maybe possible to patch/replace some of the parts of the system - there are large closed-source surface areas that you aren't going to be able to keep updated.

Daniel J. Luke

More information about the macports-users mailing list