本文尽量详述眼下来说的bash补丁的进展,从以下4个方面解释:

  • 最全最新的更新安装包,:Oct 5为止的
  • 測试已知的bash漏洞的脚本:更新后能够用来检測已知bash漏洞的情况
  • 脚本编译更新版本号:也能够更新到3.2.56版本号,须要在本地编译
  • 手动更新:看这个部分,能够具体了解眼下状态。遇到未来的更新。也能够手动自己更新。

1. 最全最新的更新安装包:

近期犹他大学(University of Utah)的Richard Glaser公布了自己开发的一个集成适合于OS X从10.5到10.10的bash更新包。它将bash更新到眼下最新的3.2.56版本号, 相比較Apple官方的3.2.53(1)要信,并且修复了(宣称的。由于眼下没有很多其它的信息显示56版本号是否真正修复了)那些已知的危急漏洞(后面列出,并有脚本測试)。能够在csdn下载。这里

以下是发布的原文:

Here is a OS X installer for the latest official GNU bash release version, 3.2.56 and will be updated to new releases when available. 

The bash is universal runs on 32/64-bit, PowerPC, Intel architectures and supports and has been tested on OS X 10.5 thur OS X 10.10 

http://www.mac-mgrs.utah.edu/ downloads/osx_gnu_bash_ installer.zip 

Our institution is very decentralized and primarily there was a need to apply latest GNU bash patch to non=Apple supported OS’s like OS 10.6/10.5, but for those security conscious or paranoid could use it on supported OS X versions. 

Here is the SHA1 256 checksums 

•        OS X 10.5-10.10 - bash version 3.2.56 

         bed4178f4bdf05ad2d5c396fb3ed97 331e62e35836fae1410e20f0e05a77 c13e 

        •        OS X 10.5-10.10 - sh version 3.2.56 

         f51a83aaad5d15b34753998cb81061 eb63ffe1a28f8876db0a0ea2f04f28 e3b1 

The installer backups current bash install incase you need to revert back to previous version. See installer read me for details. 

Hope this is useful to the community. 

Let me know if you have any suggestions, comments or problems.

2. 測试已知的bash漏洞:

另外一个技术人员。编写了一个检查眼下可知的bash漏洞的脚本,原脚本能够从这里获得。

为了方便阅读。在最后附上。以下是使用该脚本測试上面3.2.56版本号的补丁结果:

<span style="font-family: Arial, Helvetica, sans-serif;">

$ bashcheck.sh

Testing /bin/bash ...

GNU bash, version 3.2.56(1)-release (x86_64-apple-darwin9)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable

Not vulnerable to CVE-2014-6271 (original shellshock)

Not vulnerable to CVE-2014-7169 (taviso bug)

Not vulnerable to CVE-2014-7186 (redir_stack bug)

Test for CVE-2014-7187 not reliable without address sanitizer

Not vulnerable to CVE-2014-6277 (lcamtuf bug #1)

Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)</span>

相比較Apple官方的3.2.53(1)的检測结果:

$ ./bashbash.sh

Testing /bin/bash ...

GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin14) 

Not vulnerable to CVE-2014-6271 (original shellshock)

Not vulnerable to CVE-2014-7169 (taviso bug)

Vulnerable to CVE-2014-7186 (redir_stack bug)

Test for CVE-2014-7187 not reliable without address sanitizer

Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]

Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)

Variable function parser inactive, likely safe from unknown parser bugs

3. 自己编译更新版本号

另外,TJ Luoma公布了一个脚本,它从opensource.apple.com站点下载的最新bash源程序。并从gnu.org上下载各个更新补丁,使用xcode来为之又一次编译。

眼下它也是3.2.56版本号。

4.手动更新

这个是怎样手动的解释,具体查看AlBlue的解释。

--------------------------------------------------

bash-check脚本

#!/bin/bash

warn() {

	if [ "$scary" == "1" ]; then

		echo -e "\033[91mVulnerable to $1\033[39m"

	else

		echo -e "\033[93mFound non-exploitable $1\033[39m"

	fi

}

good() {

	echo -e "\033[92mNot vulnerable to $1\033[39m"

}

[ -n "$1" ] && bash=$(which $1) || bash=$(which bash)

echo -e "\033[95mTesting $bash ..."

echo $($bash --version | head -n 1)

echo -e "\033[39m"

#r=`a="() { echo x;}" $bash -c a 2>/dev/null`

if [ -n "$(env 'a'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then

	echo -e "\033[91mVariable function parser active, maybe vulnerable to unknown parser bugs\033[39m"

	scary=1

elif [ -n "$(env 'BASH_FUNC_a%%'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then

	echo -e "\033[92mVariable function parser pre/suffixed [%%, upstream], bugs not exploitable\033[39m"

	scary=0

elif [ -n "$(env 'BASH_FUNC_a()'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then

	echo -e "\033[92mVariable function parser pre/suffixed [(), redhat], bugs not exploitable\033[39m"

	scary=0

elif [ -n "$(env 'BASH_FUNC_<a>%%'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then

	echo -e "\033[92mVariable function parser pre/suffixed [<..>%%, apple], bugs not exploitable\033[39m"

	scary=0

else

	echo -e "\033[92mVariable function parser inactive, bugs not exploitable\033[39m"

	scary=0

fi

r=`env x="() { :; }; echo x" $bash -c "" 2>/dev/null`

if [ -n "$r" ]; then

	warn "CVE-2014-6271 (original shellshock)"

else

	good "CVE-2014-6271 (original shellshock)"

fi

cd /tmp;rm echo 2>/dev/null

env x='() { function a a>\' $bash -c echo 2>/dev/null > /dev/null

if [ -e echo ]; then

	warn "CVE-2014-7169 (taviso bug)"

else

	good "CVE-2014-7169 (taviso bug)"

fi

$($bash -c "true $(printf '<<EOF %.0s' {1..80})" 2>/tmp/bashcheck.tmp)

ret=$?

grep -q AddressSanitizer /tmp/bashcheck.tmp

if [ $? == 0 ] || [ $ret == 139 ]; then

	warn "CVE-2014-7186 (redir_stack bug)"

else

	good "CVE-2014-7186 (redir_stack bug)"

fi

$bash -c "`for i in {1..200}; do echo -n "for x$i in; do :;"; done; for i in {1..200}; do echo -n "done;";done`" 2>/dev/null

if [ $?

!= 0 ]; then

	warn "CVE-2014-7187 (nested loops off by one)"

else

	echo -e "\033[96mTest for CVE-2014-7187 not reliable without address sanitizer\033[39m"

fi

$($bash -c "f(){ x(){ _;};x(){ _;}<<a;}" 2>/dev/null)

if [ $? != 0 ]; then

	warn "CVE-2014-6277 (lcamtuf bug #1)"

else

	good "CVE-2014-6277 (lcamtuf bug #1)"

fi

if [ -n "$(env x='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then

	warn "CVE-2014-6278 (lcamtuf bug #2)"

elif [ -n "$(env BASH_FUNC_x%%='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then

	warn "CVE-2014-6278 (lcamtuf bug #2)"

elif [ -n "$(env 'BASH_FUNC_x()'='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then

	warn "CVE-2014-6278 (lcamtuf bug #2)"

else

	good "CVE-2014-6278 (lcamtuf bug #2)"

fi

bash-fix脚本

#!/bin/zsh -f

# recompile bash -

# 	http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-the-remote-exploit-cve-2014-6271-and-cve-2014-7/146851#146851

#

# From:	Timothy J. Luoma

# Mail:	luomat at gmail dot com

# Date:	2014-09-25, Updated 2014-09-29

NAME="bash-fix.sh"

	# This should match Xcode in many variations, betas, etc.

XCODE=`find /Applications -maxdepth 1 -type d -iname xcode\*.app -print`

if [[ "$XCODE" == "" ]]

then

	echo "$NAME [FATAL]: Xcode is required, but not installed. Please install Xcode from the Mac App Store."

	open 'macappstore://itunes.apple.com/us/app/xcode/id497799835?mt=12'

	exit 1

fi

zmodload zsh/datetime

function timestamp { strftime "%Y-%m-%d--%H.%M.%S" "$EPOCHSECONDS" }

function log { echo "$NAME [`timestamp`]: $@" | tee -a "$LOG" }

function die

{

	echo "\n$NAME [FATAL]: $@"

	exit 1

}

function msg

{

	echo "\n	$NAME [INFO]: $@"

}

TIME=$(strftime "%Y-%m-%d-at-%H.%M.%S" "$EPOCHSECONDS")

LOG="$HOME/Library/Logs/$NAME.$TIME.txt"

[[ -d "$LOG:h" ]] || mkdir -p "$LOG:h"

[[ -e "$LOG" ]]   || touch "$LOG"

cd "$HOME/Desktop" || cd

mkdir -p bash-fix

cd bash-fix

ORIG_DIR="$PWD"

##################################################################################################

msg "Downloading and uncompressing Apple's 'bash' source code..."

curl --progress-bar -fL https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -

EXIT="$?"

if [ "$EXIT" = "0" ]

then

	msg "Successfully downloaded bash source from Apple.com"

else

	die "curl or tar failed (\$EXIT = $EXIT)"

fi

cd bash-92/bash-3.2

msg "CWD is now $PWD"

##################################################################################################

msg "Downloading and applying bash32-052 from gnu.org..."

curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0

EXIT="$?

"

if [ "$EXIT" = "0" ]

then

	msg "patch bash32-052 successfully applied"

else

	die "patch bash32-052 FAILED"

fi

##################################################################################################

msg "Downloading and applying bash32-053 from gnu.org..."

curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0

EXIT="$?"

if [ "$EXIT" = "0" ]

then

	msg "patch bash32-053 successfully applied"

else

	die "patch bash32-053 FAILED"

fi

##################################################################################################

msg "Downloading and applying bash32-054 from gnu.org..."

curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch -p0

EXIT="$?"

if [ "$EXIT" = "0" ]

then

	msg "patch bash32-054 successfully applied"

else

	die "patch bash32-054 FAILED"

fi

##################################################################################################

msg "Downloading and applying bash32-055 from gnu.org..."

curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-055 | patch -p0

EXIT="$?

"

if [ "$EXIT" = "0" ]

then

	msg "patch bash32-055 successfully applied"

else

	die "patch bash32-055 FAILED"

fi

##################################################################################################

msg "Downloading and applying bash32-056 from gnu.org..."

curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-056 | patch -p0

EXIT="$?"

if [ "$EXIT" = "0" ]

then

	msg "patch bash32-056 successfully applied"

else

	die "patch bash32-056 FAILED"

fi

##################################################################################################

cd ..

msg "CWD is now $PWD"

echo -n "$NAME is about to run xcodebuild and its output redirected to $ORIG_DIR/xcodebuild.log. If it does not succeed, check the log for error messages.\n\nThis could take a few minutes. Please wait... "

xcodebuild 2>&1 >>| "$ORIG_DIR/xcodebuild.log"

EXIT="$?"

if [ "$EXIT" = "0" ]

then

	msg "xcodebuild exited successfully."

else

	die "xcodebuild failed (\$EXIT = $EXIT). See $ORIG_DIR/xcodebuild.log for details."

	exit 1

fi

	# Play a sound to tell them the build finished

[[ -e /System/Library/Sounds/Glass.aiff ]] && afplay /System/Library/Sounds/Glass.aiff

if [ -e 'build/Release/bash' ]

then

	msg "Here is the _NEW_ version number for bash (must be 3.2.52(1) or later):"

	build/Release/bash --version # GNU bash, version 3.2.54(1)-release (x86_64-apple-darwin13)

else

	die "build/Release/bash does not exist. See $PWD/xcodebuild.log for details."

fi

if [ -e 'build/Release/sh' ]

then

	msg "Here is the _NEW_ version number for sh (must be 3.2.52(1) or later):"

	build/Release/sh --version   # GNU bash, version 3.2.54(1)-release (x86_64-apple-darwin13)

else

	die "build/Release/sh does not exist. See $PWD/xcodebuild.log for details."

fi

####################################################################################

#

# 2014-09-29: disabled test section because it only tests first vulnerability.

# 2014-09-29: TODO: Add tests for each vulnerability to verify it was fixed

#

# 	$NAME: About to run test of new bash:

#

# 	You should see 'hello' but you should NOT see the word 'vulnerable':

#

# Press Return/Enter to run test: "

#

# read PROMPT_TO_CONTINUE

#

# env x='() { :;}; echo vulnerable' build/Release/bash -c 'echo hello' 2>/dev/null

echo "\n\n"

read "?$NAME: Ready to install newly compiled 'bash' and 'sh'? [Y/n]: " ANSWER

case "$ANSWER" in

	N*|n*)

			echo "$NAME: OK, not installing"

			exit 0

	;;

esac

cat <<EOINPUT

$NAME: About to replace the vulnerable versions of /bin/bash and /bin/sh with the new, patched versions.

	The.$TIME ones will be backed up to /bin/bash.$TIME and /bin/sh.$TIME respectively

Please enter your administrator password (if prompted):

EOINPUT

	# This will prompt user for admin password

sudo -v

##################################################################################################

msg "Moving /bin/bash to /bin/bash.$TIME: "

sudo /bin/mv -vf /bin/bash "/bin/bash.$TIME"	|| die "Failed to move /bin/bash to /bin/bash.$TIME"

msg "Installing build/Release/bash to /bin/bash: "

sudo cp -v build/Release/bash /bin/bash

if [ "$?

" != "0" ]

then

	sudo mv -vf "/bin/bash.$TIME" /bin/bash

	die "Failed to move build/Release/bash to /bin/bash. Restored /bin/bash.$TIME to /bin/bash"

fi

##################################################################################################

msg "Moving /bin/sh to /bin/sh.$TIME: "

sudo /bin/mv -vf /bin/sh   "/bin/sh.$TIME" 	|| die "Failed to move /bin/sh to /bin/sh.$TIME"

msg "Installing build/Release/sh to /bin/sh: "

sudo cp -v build/Release/sh /bin/sh

if [ "$?" != "0" ]

then

	sudo mv -vf "/bin/sh.$TIME" /bin/sh

	die "Failed to move build/Release/sh to /bin/sh. Restored /bin/sh.$TIME to /bin/sh"

fi

##################################################################################################

msg "Removing executable bit from /bin/bash.$TIME"

sudo /bin/chmod a-x "/bin/bash.$TIME" \

 	|| msg "WARNING: Failed to remove executable bit from /bin/bash.$TIME"

msg "Removing executable bit from /bin/sh.$TIME"

sudo /bin/chmod a-x "/bin/sh.$TIME" \

	|| msg "WARNING: Failed to remove executable bit from /bin/sh.$TIME"

msg "$NAME has finished successfully."

read "?Do you want to move $ORIG_DIR to ~/.Trash/? [Y/n]  " ANSWER

case "$ANSWER" in

	N*|n*)

			echo "$NAME: Not moving $ORIG_DIR."

			exit 0

	;;

	*)

			mv -vn "$ORIG_DIR" "$HOME/.Trash/$ORIG_DIR.$EPOCHSECONDS"

			exit 0

	;;

esac

exit

#

#EOF



OSX: bash的更新的更多相关文章

  1. OSX下 pip更新及安装python库

    直接执行安装命令 $ pip install builtwith 提示pip当前版本为7.1.2,要使用"pip install --upgrade pip"升级到8.1.2 $  ...

  2. Mac OSX bash function 备份

    # mount the android file image function mountAndroid { hdiutil attach ~/android.dmg.sparsefile.spars ...

  3. Docker 容器更新,打包,上传到阿里云

    上几章讲了镜像的拉取和运行. 这次来尝试如何将已经运行的容器打包,封装成镜像,并且上传到阿里云上,为了别的地方下载和使用更加的方便. 首先,进入镜像,如果不清楚地,可以看下上一章. [root@VM_ ...

  4. (转)myrepo

    源作者主页:https://copr.fedoraproject.org/coprs/mosquito/myrepo/ 源作者github: https://github.com/1dot75cm/m ...

  5. linux 更改用户的默认shell

    由于卸载了zsh.导致用户的bash没有更新 用户无法登录.后来通过grup更改.修改/etc/passwd中的用户的shell成功 将下面的红色的更改成bash即可. root:x:::root:/ ...

  6. MySQL 复制 - 性能与扩展性的基石 2:部署及其配置

    正所谓理论造航母,现实小帆船.单有理论,不动手实践,学到的知识犹如空中楼阁.接下来,我们一起来看下如何一步步进行 MySQL Replication 的配置. 为 MySQL 服务器配置复制非常简单. ...

  7. Docker的使用

    Ubuntu16.04+ 在Ubuntu系统中安装较为简单,官方提供了脚本供我们进行安装. sudo apt install curl curl -fsSL get.docker.com -o get ...

  8. Jenkins + Ansible + Gitlab之gitlab篇

    前言 持续交付 版本控制器:Gitlab.GitHub 持续集成工具:jenkins 部署工具:ansible  课程安排 Gitlab搭建与流程使用 Ansible环境配置与Playbook编写规范 ...

  9. ubuntu16.04安装opencv3.4.0

    老实说这篇记录可能拖了有8个月了,早在去年6月份我应该是第一遍安装opencv.当时懒得记录,以为自己什么都能记得住.后来由于电脑各种原因,需要重装opencv,装的时候发现啥都记不住了.然后又得去找 ...

随机推荐

  1. Delphi 7生成XML

    文件格式为: Day 制1課 U12 ASSY01 Wrist 1009 0 2018/05/18 09:35:59 Day 制1課 U12 ASSY02 Wrist 1010 0 2018/05/1 ...

  2. 定义DoubleArray并将其作为value写入SequenceFile

    1)上代码: /** * Created with IntelliJ IDEA. * User: hadoop * Date: 16-1-20 * Time: 下午7:30 * To change t ...

  3. JAVA 基本概念和编码规范

    概括性描述:一个Java程序可以认为是一系列对象的集合,而这些对象通过调用彼此的方法来协同工作. 基本概念: 下面简要介绍下类.对象.方法和属性的概念. 对象:对象是类的一个实例,有状态和行为.例如, ...

  4. Centos7.3 bbc tools安装

    http://blog.csdn.net/orangleliu/article/details/54099528 更新到最新 CentOS 7.3 1611 yum update -y cat /et ...

  5. [bug] VS2013 Brower Link和Aspnetpager引发的问题分析

    概述 在ie11上浏览页面的时候,突然发现在使用Aspnetpager的页面会有一个bug. 开发环境:win8.1+vs2013+ie11. 项目描述:这个问题出现在内容页中,应用了母版页. 解决方 ...

  6. 【mybatis】service层中一个方法中使用mybatis进行数据库的 多个修改操作,可能是update也可能是delete操作,但是sql语句命名执行并且在控制台打印出来了,但是数据库中未更新到数据【事务的问题】

    问题描述: service层中一个方法中使用mybatis进行数据库的 多个修改操作,可能是update也可能是delete操作,但是sql语句命名执行并且在控制台打印出来了,但是数据库中未更新到数据 ...

  7. 集合视图UICollectionView 介绍及其示例程序

    UICollectionView是一种新的数据展示方式,简单来说可以把它理解成多列的UITableView.如果你用过iBooks的话,可 能你还对书架布局有一定印象,一个虚拟书架上放着你下载和购买的 ...

  8. Eclipse新建java类的时候,自动创建注释

    为形成个人的java代码风格,我们在项目组中进行开发的时候,可以对自己的代码进行一些格式上面的设置,具体如下: 方法一:Eclipse中设置在创建新类时自动生成注释 windows–>prefe ...

  9. 科研不是比赛,而是一种对未知和完美的自我追求——跟邢波(Eric Xing)面对面聊科研

    编者按:6月26日,2014年国际机器学习大会(ICML)在北京国际会议中心完美落幕.作为机器学习领域两大顶尖年会之一,这是 ICML大会30多年来首次来到中国和远东,在国内的机器学习界震动不小.身为 ...

  10. C++之重载操作符

    1.类中重载+操作符 #define _CRT_SECURE_NO_WARNINGS #include <iostream> using namespace std; class Obje ...