Subject: | |
From: | |
Reply To: | |
Date: | Fri, 3 Oct 2014 00:44:22 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
> > repeated access attempts to break in again. "cron" was changed so daily
> > backups were done after they down loaded all new files. "crontab -e" no
> > longer worked.
> > We made a copy of the OS onto old disk and removed disk from the system.
> > There were so many charges to the OS and files in /etc that we did not even
> > try to repair it. There were 1000's of differences between new install and
> > copy of old system.
> >
> > I personally think the bash problem is over blown because they have to get
> > threw modem, firewall, ssh before they can use "bash".
>
> That is *one* instance, and not really relevant to the circumstances
> you described. In fact, many systems expose SSH to the Internet at
> large for "git" repository access, and for telecommuting access to
> firewalls and routers. The big problem with "shellshock" was that
> attempts to restrict the available commands for such access, for
> example inside "ForceCommands" controlled SSH "authrozed_keys" files,
> could now broken out of and allow full local shell access. Once you
> have *that* on a critical server, your hard crunch outershell is
> cracked open and your soft chewy underbelly exposed.
Does git-shell use bash at all for its execution? Shouldn't git-shell fix most
of these issues?
-Brad
|
|
|