Will recompiling bash to avoid Shellshock cause more harm than good?
I wasn't particularly worried about Shellshock until I learned that a malicious DHCP server may be able to exploit my DHCP client to run arbitrary code on my system. It's not clear to me whether Macs are vulnerable, but if so, I want to fix it ASAP.
That said, the version of /bin/bash on my Mac is code-signed by Apple.
$ spctl --verbose --assess --type execute /bin/bash
/bin/bash: accepted
source=Apple System
If I follow these instructions and replace Apple's /bin/bash with one that I compile myself (hence not code-signed by Apple), am I setting myself up for trouble?
Macs don't use Bash for DHCP, so that particular vulnerability does not apply. Unless you run a vulnerable web server or have restricted remote access accounts, it's not worth the trouble to recompile Bash on OS X.