Good point. See https://access.redhat.com/articles/1200223, the "Common Configuration examples" section. The only thing which is probably vulnerable is CUPS - assuming that the CUPS webserver is open for everybody for attack. For some others who do remoting a lot, SSH may be a vector. The other likely problem is "dhclient", but puppies don't use dhclient, they use "dhcpcd" instead. I wonder whether dhcpcd has similar env issues like dhclient.rcrsn51 wrote:So there is ZERO need for a Puppy user to patch his/her version of bash. Unless, as Geoffrey said above, they are running a server exposed to the world.
Since my router has a decent password on it, I cannot see how this bug makes it any less secure.
Did you read about a guy who made this Canon printer plays Doom (no, I'm not joking - he actually compromised the printer's firmware and upload Doom game to it )Exactly. Instead testing to see if the bash bug makes you vulnerable to YOURSELF, you should try attacking some other device on your network that runs a web server, like a wireless printer.