Bash gets shellshocked
Posted Oct 2, 2014 8:56 UTC (Thu) by dtlin (subscriber, #36537)
In reply to: Bash gets shellshocked by andreashappe
Parent article: Bash gets shellshocked
I don't know whether security was among the motivations, but the systemd suite consistently avoids shelling out. Everything is done by stuff like libraries in-process, D-Bus calls, or direct exec of another binary; I believe it's possible to boot a system without /bin/sh at all? Also systemd launches everything with a clean environment.
Commands specified in unit files (e.g. ExecStart=...) just get word-splitting and some substitutions made, no shell processing. I believe the same is true for udev rules and RUN+="..." but it seems a little more complex.
In practical terms, most of these things probably aren't attackable, with the exception of systemd-networkd, whose developer got to boast a bit, noting that its in-process DHCP client is unaffected by Shellshock (unlike dhclient and dhcpcd).
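The two properties the comment above describes, word-splitting followed by a direct exec and a clean environment for the child, shown as an added Python example that is not part of the original comment and is not systemd's code. `shlex.split` only approximates unit-file splitting (it performs none of systemd's substitutions), and `INHERITED_ENV`, `ENV_ALLOWLIST` and `REPORTER` are constructed names and values for illustration.

```python
import json
import shlex
import subprocess
import sys

# Constructed sample: the environment of a network-facing parent process,
# including one value that originated from an untrusted peer.
INHERITED_ENV = {
    "PATH": "/usr/bin:/bin",
    "LANG": "C.UTF-8",
    "HTTP_USER_AGENT": "value supplied by a remote client",
}

# Hypothetical allowlist: the only variable names a child is ever given.
ENV_ALLOWLIST = ("PATH", "LANG")

# Child program that reports the argv and environment it actually received.
REPORTER = ("import json, os, sys; "
            "print(json.dumps({'argv': sys.argv[1:], 'env': dict(os.environ)}))")


def clean_env(inherited, allow=ENV_ALLOWLIST):
    """Build the child's environment from the allowlist, not from the parent."""
    return {name: inherited[name] for name in allow if name in inherited}


def run_direct(command_line, inherited):
    """Word-split a command line and exec it directly: no shell, clean env."""
    argv = shlex.split(command_line)  # splitting and quote removal only
    done = subprocess.run(argv, env=clean_env(inherited), shell=False,
                          check=True, capture_output=True, text=True)
    return json.loads(done.stdout)


def demo():
    # The pipe, glob and redirect below must arrive as literal arguments,
    # because no shell ever sees this line.
    line = "{} -c {} 'two words' | *.conf > out".format(
        shlex.quote(sys.executable), shlex.quote(REPORTER))
    return run_direct(line, INHERITED_ENV)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The child never receives `HTTP_USER_AGENT`, so a shell started further down the process tree has no untrusted environment value to parse.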