Login shell
Daniel J. Luke
dluke at geeklair.net
Thu May 7 19:01:40 UTC 2020
On May 7, 2020, at 2:48 PM, Bill Cole <macportsusers-20171215 at billmail.scconsult.com> wrote:
> That looks like my ugly hack. I came up with it shortly after the disclosure of the "ShellShock" vulnerability.
>
> The reason to do this when replacing a login shell or (most importantly) the system shell at /bin/sh is that you do not want either of those to be breakable by modification of a shared library installed by MacPorts.

Alternatively, at the time I believe I downloaded the source from Apple, applied the upstream patch, and replaced the system /bin/sh with the result.

> The primary reason that one should replace /bin/{bash,sh} with a newer version on older versions of MacOS X is ShellShock.

People who are running older versions of Mac OS X have chosen not to care about vulnerabilities - since they're no longer getting security updates from Apple. While it's maybe possible to patch/replace some of the parts of the system - there are large closed-source surface areas that you aren't going to be able to keep updated.

--
Daniel J. Luke