On 26 Sep 2014 at 15:06, Gary Stainburn wrote:
From: Gary Stainburn <gary.stainb...@ringways.co.uk>
Organization: Ringways Garages Ltd
To: users@lists.fedoraproject.org
Subject: Re: shellshock - detect in Apache?
Date sent: Fri, 26 Sep 2014 15:06:23 +0100
Send reply to: Community support for Fedora users
<users@lists.fedoraproject.org>
> On Friday 26 September 2014 14:05:01 Michael D. Setzer II wrote:
> > I download the
> > ftp://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
> > and the patches in
> > ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/
> >
> > Installed the 25 patches and then build the code.
> > Running the test on that version of bash passes the test.
> >
> > Don't know if there would be any issues with then replacing the older bash
> > on a system with the newly build one, but that didn't take much time to
> > build.
>
> Tried this and it appears that this version of BASH is still vulnerable
>
> [root@test bash-4.3]# ./bash
> [root@test bash-4.3]# echo $BASH_VERSION
> 4.3.25(1)-release
> [root@test bash-4.3]# env x='() { :;}; echo vulnerable' bash -c "echo this is
> a test"
> vulnerable
> this is a test
> [root@test bash-4.3]#
Problem is you are still running the old bash bash -c should be ./bash -c
The only issue that I see is that the make install isn't replacing the
/bin/bash,
but is putting the new bash in
/usr/local/bin/bash
Tried to copy bash to the /bin, but it seems to be in use?
But after the make install, it did work.
On one system, I needed to restart to get it to take affect, but have only
check a two systems with older versions of Fedora.
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
+----------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor
Guam Community College Computer Center
mailto:mi...@kuentos.guam.net
mailto:msetze...@gmail.com
http://www.guam.net/home/mikes
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+----------------------------------------------------------+
http://setiathome.berkeley.edu (Original)
Number of Seti Units Returned: 19,471
Processing time: 32 years, 290 days, 12 hours, 58 minutes
(Total Hours: 287,489)
BOINC@HOME CREDITS
ROSETTA 19981840.971965 | SETI 33950436.647387
ABC 16613838.513356 | EINSTEIN 34233765.925899
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
