/bin/sh: line 2: `BASH_FUNC_ttr%%': not a valid identifier
Barrie Stott
zen146410 at zen.co.uk
Sat Oct 11 05:29:49 PDT 2014
On 10 Oct 2014, at 23:45, Greg Earle wrote:
> On Oct 10, 2014, at 16:06 PM, Barrie Stott <zen146410 at zen.co.uk> wrote:
>
>> On 10 Oct 2014, at 15:27, Brandon Allbery wrote:
>>
>>> That said, 10.6 being unsupported by Apple, it is possible that your best bet is to copy /bin/bash to /bin/bash.apple and then copy MacPorts' bash to /bin/bash. (But beware, if you remove MacPorts in the future your /bin/bash will break; copy the saved one back first.)
>>>
>>> --
>>> brandon s allbery kf8nh sine nomine associates
>>> allbery.b at gmail.com ballbery at sinenomine.net
>>> unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
>>
>> I've done that and I've doe something similar with /bin/sh as well. Surprisingly, I found original /bin/bash and /bin/sh different. The new stuff is:
>> -rwxr-xr-x 1 root wheel 1893232 10 Oct 15:43 /bin/bash
>> -rwxr-xr-x 1 root wheel 1346544 15 Feb 2010 /bin/bash.apple
>> -r-xr-xr-x 1 root wheel 1893232 10 Oct 16:01 /bin/sh
>> -r-xr-xr-x 1 root wheel 1346624 15 Feb 2010 /bin/sh.apple
>>
>> I'm very grateful for your help.
>
> Personally I wouldn't replace Apple's bash/sh with MacPorts' versions.
>
> They are different major versions for one, but also because it's
> ridiculously easy to compile the Apple version with Xcode's "xcodebuild".
>
> I'm running 10.6.8 (I can't believe someone asked Barrie why he isn't on
> Mavericks ... LOL) and this fix works like a charm. Here's a script:
>
> --
> #!/bin/sh
> # Script to build Shellshock-fixed bash/sh from Apple's bash src
> #
> # Taken (w/ slight mods) from the "System Binaries" section of this Web page:
> #
> # http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an
> #
>
> cd ~/src
>
> mkdir bash-fix
> cd bash-fix
>
> curl -k https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar -zpxf -
>
> cd bash-92/bash-3.2
>
> curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
> curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0
> curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch -p0
> curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-055 | patch -p0
> curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-056 | patch -p0
> curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-057 | patch -p0
>
> cd ..
> xcodebuild
> sudo chown root build/Release/bash
> sudo chown root build/Release/sh
>
> build/Release/bash --version # "GNU bash, version 3.2.57(1)-release"
> build/Release/sh --version # "GNU bash, version 3.2.57(1)-release"
>
> sudo cp -p /bin/bash /bin/bash.shellshock
> sudo chmod 000 /bin/bash.shellshock
> sudo cp -p /bin/sh /bin/sh.shellshock
> sudo chmod 000 /bin/sh.shellshock
>
> sudo cp -p build/Release/bash /bin/bash
> sudo cp -p build/Release/sh /bin/sh
>
> exit 0
> --
>
> - Greg
I have no objection at all to rebuilding Apple's /bin/bash and /bin/sh when all I have to do is run the given script. However, Greg, do I need to do it? I already have shellshock-proof versions of bash 4.3.27. Is there something special about bash 3.2?
Barrie.
More information about the macports-users
mailing list