On 2 October 2014 00:22, Douglas Ray <dougray@cpan.org> wrote:
... The only system with a real compromise was OS-X, the /bin/sh being a bash.
Apple have released an updated version of bash http://support.apple.com/kb/HT1222 http://support.apple.com/kb/HT6495 http://support.apple.com/kb/DL1769 ... But: a) only first 2 CVEs are fixed. $ bash --version GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13) Copyright (C) 2007 Free Software Foundation, Inc. $ env '__BASH_FUNC<ls>()'="() { echo Game Over; }" /bin/sh -c ls Game Over b) the security fix is not pushed to all Macs by default. Thanks, John
(OpenBSD ships with bash uninstalled in any case; ksh for users and sh is sh.)
cheers, Douglas
On 30/09/14 3:10 AM, Douglas Ray wrote:
The latest bash patchlevel 27 (a day and a half ago) at savannah seems to fix things - 4.3.27 (yes, anonymous checkout).
[back up your originals] git clone git://git.savannah.gnu.org/bash.git ./configure make make test sudo make install
(default install is in /usr/local/bin/, you probably want it in /bin)
I'd be interested to know on which systems this compiles / tests without errors.
cheers Douglas _______________________________________________ luv-main mailing list luv-main@luv.asn.au http://lists.luv.asn.au/listinfo/luv-main
_______________________________________________ luv-main mailing list luv-main@luv.asn.au http://lists.luv.asn.au/listinfo/luv-main