
Rohan McLeod <rhn@jeack.com.au> writes:
James Harper wrote:
NetComm ADSL2+ Router NB6_REV2_16M Software Version: 3.65p And I'm in. It's a shell, but can't tell what. ps shows a 'sh' process running. Actually: ps --help BusyBox v1.00 (2010.01.12-11:52+0000) multi-call binary So... not bash. thanks , interesting well that's a relief !
IMO this is not a reliable test. I know of at least Thecus NAS installs which ship busybox, but include bash. Such a system would show the same "I'm busybox" output when running ps in bash, since it is not a bash builtin. I don't know offhand of a reliable test. Off the top of my head, I'd suggest "echo $BASH_VERSION", which seems to be under --posix (which more-or-less correponds to invoking as argv[0] = "/bin/sh"). Probably the Right Thing would be to test for the actual vuln.