26 Sep 2014

The Shellshock Bash Bug

Tags: Security

How BOA protects you from the recently discovered bash bug? You may have read about Shellshock Bash Bug already, but here is a good summary we recommend.

While both Debian and Ubuntu posted updated bash packages already, so you can easily fix your self-hosted BOA system with standard 'barracuda up-stable system' command, it is also good to know how BOA proactively protects you from potential attack vectors otherwise made possible because of this horrible bug:

  • BOA users don’t have access to bash, only to the restricted limited shell
  • Web server requests which may invoke system shell are filtered via special wrapper
  • Web server requests are by default sent to limited dash (Almquist Shell) and not bash

!If you are using our hosted Aegir service, your system has been already updated to use fixed bash version. If you are using self-hosted BOA, you should run this command now:

barracuda up-stable system

Create Account or request a free Test Drive
Already 900+ hosts powering thousands of Drupal sites are running on our high-performance Aegir BOA stack
© 2009-2023 Omega8.cc | ul. Zlota 59, 14th floor Skylight Building, 00-120 Warsaw, Poland | Twitter
Smokin’ Fast Drupal Hosting in Amsterdam · Chicago · Frankfurt · London
Madrid · New York · San Jose · Singapore · Sydney · Toronto · Warsaw