[CentOS] firefox: annoyance

Fri Sep 26 23:05:45 UTC 2014
John R Pierce <pierce at hogranch.com>

On 9/26/2014 3:36 PM, Valeri Galtsev wrote:
> On Fri, September 26, 2014 5:13 pm, John R Pierce wrote:
>> On 9/26/2014 2:51 PM, Always Learning wrote:
>>> Probably all Windoze
>>
>> linux apache web servers with the bash exploit are getting owned en
>> masse today. my (patched) internet web server has logged 100s and
>> 100s of attempts like...
>>
>> 66.186.2.172 - - [26/Sep/2014:00:49:29 -0700] "GET /cgi-bin/test.sh
> I feel really stupid, but I have to ask. If your server wasn't patched, it
> would only have been owned by the above if that file exists, is executable by
> apache and it indeed invokes bash (say, has #!/bin/bash or whatever bash
> location is as first line), right?

no. mod_cgi launches /bin/sh and passes it the command, even if the
file doesn't exist. and /bin/sh is linked to bash

-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast
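
Added example, not part of the original post: log triage for probes like the one quoted in the thread. It assumes Apache's combined log format and that a probe carries a bash function definition (`() {`) in the request line, Referer or User-Agent; the sample lines are constructed. Keeping the status code shows whether each targeted path existed on the server.

```python
import re
from collections import defaultdict

# Quoted field in Apache "combined" format; Apache escapes embedded quotes as \"
Q = r'"(?P<%s>(?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] ' + Q % "request" +
    r' (?P<status>\d{3}) \S+ ' + Q % "referer" + " " + Q % "agent" + "$"
)
# A bash function definition in a client-controlled field; tolerate whitespace variants.
MARKER_RE = re.compile(r'\(\s*\)\s*\{')

# Constructed sample lines (documentation address ranges), not taken from the post.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Sep/2014:00:49:29 -0700] "GET /cgi-bin/test.sh HTTP/1.0" 404 208 "-" "() { :; }; true"
192.0.2.10 - - [26/Sep/2014:00:49:31 -0700] "GET /cgi-bin/status HTTP/1.0" 200 512 "() { :; }; true" "-"
198.51.100.7 - - [26/Sep/2014:01:02:03 -0700] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Sep/2014:01:05:00 -0700] "GET /cgi-bin/test.sh HTTP/1.1" 404 208 "-" "curl/7.19.7"
not a log line
"""

def find_probes(log_text):
    """Return {ip: [(path, status, field), ...]} for requests carrying the marker."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parts = m.group("request").split()
        path = parts[1] if len(parts) >= 2 else m.group("request")
        for field in ("request", "referer", "agent"):
            if MARKER_RE.search(m.group(field)):
                probes[m.group("ip")].append((path, int(m.group("status")), field))
                break  # one hit per request is enough
    return dict(probes)

def existing_targets(probes):
    """Probed paths the server answered with 2xx, i.e. paths that exist: review these first."""
    return sorted({p for hits in probes.values() for p, status, _ in hits if 200 <= status < 300})

if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for ip, hits in found.items():
        print(ip, hits)
    print("review first:", existing_targets(found))
```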