Forums before death by AOL, social media and spammers... "We can't have nice things"
| alt.os.linux.mandriva | Somewhat decent but also getting bloated | 29,919 messages |
[ << oldest | < older | list | newer > | newest >> ]
| Message 29,623 of 29,919 |
| Markus R. =?iso-8859-1?q?Ke=DFler?= to Bobbie Sellers |
| Re: Shellshock patch not working (1/2) |
| 28 Sep 14 18:31:39 |
From: dimke.fax@uni.de
Bobbie Sellers wrote:
> On 09/28/2014 10:58 AM, Markus R. Keßler wrote:
>> Hi everybody,
>>
>> sure, you've already heard from one of the most severe bugs in linux
>> bash these days.
>>
>> On my redhat machines it was no big challenge to fix the bug, because
>> redhat created a patched version and put it into their repositories.
>>
>> Unfortunately, this is not possible with mandriva, of course.
>>
>> So, on a box with mandriva 2009.1 / kernel 2.6.39.4, I got the shell
>> sources and all patches from gnu.org, applied the patches successively
>> and configured and made the executable.
>>
>> It can be invoked and does what it should, but unfortunately, before and
>> after applying the patches and compiling, I always get as a
>> result "vulnerable", when running the well-known test
>>
>> env x='() { :;}; echo vulnerable' bash -c 'echo hello'
>>
>> I tested this with different versions from 3.2 .. 4.3. but it's always
>> the same.
>>
>> What's puzzling me even more, is, that I ran the above test on a redhat
>> box, and after patching there appears no "vulnerable" any more, what
>> means, the patch is valid. But, when downloading exactly this bash
>> (2.05b) to my mandriva box, it runs, but there it shows "vulnerable"?!
>>
>> Does anyone have an idea what could cause this misbehaviour?
>> A shell is one big monolithic executable, which does not install dozens
>> of libraries out of its rpm, isn't it?
>>
>> Thanks for any hint.
>>
>> Best regards,
>>
>> Markus
>>
>
> Sir I believe you may be confused as to bash
> I checked the files listed in bash from the Mageia rpm
> and this is what they look like. In addition the bash
> shell is a Command Language Interpreter. It uses the
> commands installed to do its functions and can use
> the Big Box or similar space saving monolithic version
> of the standard commands.
> So the files of bash version 4.2-48.1.mga4:
> /bin/bash
> /bin/rbash
> /bin/sh
> /etc/bashrc
> /etc/profile.d/60alias.sh
> /etc/profile.d/95bash-extras.sh
> /etc/skel/.bash_logout
> /etc/skel/.bash_profile
> /etc/skel/.bashrc
> /usr/bin/bashbug
> /usr/share/doc/bash
> /usr/share/doc/bash/README
> /usr/share/info/bash.info.xz
> /usr/share/locale/af/LC_MESSAGES/bash.mo
> /usr/share/locale/bg/LC_MESSAGES/bash.mo
> /usr/share/locale/ca/LC_MESSAGES/bash.mo
> /usr/share/locale/cs/LC_MESSAGES/bash.mo
> /usr/share/locale/de/LC_MESSAGES/bash.mo
> /usr/share/locale/eo/LC_MESSAGES/bash.mo
> /usr/share/locale/es/LC_MESSAGES/bash.mo
> /usr/share/locale/et/LC_MESSAGES/bash.mo
> /usr/share/locale/fi/LC_MESSAGES/bash.mo
> /usr/share/locale/fr/LC_MESSAGES/bash.mo
> /usr/share/locale/ga/LC_MESSAGES/bash.mo
> /usr/share/locale/hu/LC_MESSAGES/bash.mo
> /usr/share/locale/id/LC_MESSAGES/bash.mo
> /usr/share/locale/ja/LC_MESSAGES/bash.mo
> /usr/share/locale/lt/LC_MESSAGES/bash.mo
> /usr/share/locale/nl/LC_MESSAGES/bash.mo
> /usr/share/locale/pl/LC_MESSAGES/bash.mo
> /usr/share/locale/pt_BR/LC_MESSAGES/bash.mo
> /usr/share/locale/ro/LC_MESSAGES/bash.mo
> /usr/share/locale/ru/LC_MESSAGES/bash.mo
> /usr/share/locale/sk/LC_MESSAGES/bash.mo
> /usr/share/locale/sv/LC_MESSAGES/bash.mo
> /usr/share/locale/tr/LC_MESSAGES/bash.mo
> /usr/share/locale/uk/LC_MESSAGES/bash.mo
> /usr/share/locale/vi/LC_MESSAGES/bash.mo
> /usr/share/locale/zh_CN/LC_MESSAGES/bash.mo
> /usr/share/locale/zh_TW/LC_MESSAGES/bash.mo
> /usr/share/man/man1/..1.xz
> /usr/share/man/man1/:.1.xz
> /usr/share/man/man1/[.1.xz
> /usr/share/man/man1/alias.1.xz
> /usr/share/man/man1/bash.1.xz
> /usr/share/man/man1/bashbug.1.xz
> /usr/share/man/man1/bg.1.xz
> /usr/share/man/man1/bind.1.xz
> /usr/share/man/man1/break.1.xz
> /usr/share/man/man1/builtin.1.xz
> /usr/share/man/man1/builtins.1.xz
> /usr/share/man/man1/caller.1.xz
> /usr/share/man/man1/cd.1.xz
> /usr/share/man/man1/command.1.xz
> /usr/share/man/man1/compgen.1.xz
> /usr/share/man/man1/complete.1.xz
> /usr/share/man/man1/compopt.1.xz
> /usr/share/man/man1/continue.1.xz
> /usr/share/man/man1/declare.1.xz
> /usr/share/man/man1/dirs.1.xz
> /usr/share/man/man1/disown.1.xz
> /usr/share/man/man1/enable.1.xz
> /usr/share/man/man1/eval.1.xz
> /usr/share/man/man1/exec.1.xz
> /usr/share/man/man1/exit.1.xz
> /usr/share/man/man1/false.1.xz
> /usr/share/man/man1/fc.1.xz
> /usr/share/man/man1/fg.1.xz
> /usr/share/man/man1/getopts.1.xz
> /usr/share/man/man1/hash.1.xz
> /usr/share/man/man1/help.1.xz
> /usr/share/man/man1/history.1.xz
> /usr/share/man/man1/jobs.1.xz
> /usr/share/man/man1/let.1.xz
> /usr/share/man/man1/local.1.xz
> /usr/share/man/man1/logout.1.xz
> /usr/share/man/man1/mapfile.1.xz
> /usr/share/man/man1/popd.1.xz
> /usr/share/man/man1/pushd.1.xz
> /usr/share/man/man1/rbash.1.xz
> /usr/share/man/man1/read.1.xz
> /usr/share/man/man1/readonly.1.xz
> /usr/share/man/man1/return.1.xz
> /usr/share/man/man1/set.1.xz
> /usr/share/man/man1/shift.1.xz
> /usr/share/man/man1/shopt.1.xz
> /usr/share/man/man1/source.1.xz
> /usr/share/man/man1/suspend.1.xz
> /usr/share/man/man1/times.1.xz
> /usr/share/man/man1/trap.1.xz
> /usr/share/man/man1/true.1.xz
> /usr/share/man/man1/type.1.xz
> /usr/share/man/man1/typeset.1.xz
> /usr/share/man/man1/ulimit.1.xz
> /usr/share/man/man1/umask.1.xz
> /usr/share/man/man1/unalias.1.xz
> /usr/share/man/man1/unset.1.xz
> /usr/share/man/man1/wait.1.xz
>
> `Now if you are sticking to Mandriva of the glory years then you
> will be having a very hard time upgrading anything.
> If you are using Open Mandriva you might have an easier
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
(c) 1994, bbs@darkrealms.ca