anti-shellshock suggestions

James Rome jamesrome at gmail.com
Fri Sep 26 06:27:06 PDT 2014


What Apple sec update? I have not received one...

James A. Rome
http://jamesrome.net

On 9/26/14 4:45 AM, René J.V. Bertin wrote:
> On Thursday September 25 2014 23:28:55 Brandon Allbery wrote:
>> On Thu, Sep 25, 2014 at 11:10 PM, Bill Christensen <
>> billc_lists at greenbuilder.com> wrote:
>>
>>> Anyone got any?
>>>
> Yeah, upgrade to 10.9.5 including the secupdate Apple pushed yesterday.
>
> Or, according to the test proposed by Ars Technica 
>
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> env x='() { :;}; echo vulnerable' sh -c "echo this is a test"
>
> the bash that's currently in MacPorts is not vulnerable. So my solution has been easy:
>
> # port install bash +universal
> # mv /bin/bash{,-osx} ; ln /opt/local/bin/bash /bin/bash
> # mv /bin/sh{,-osx} ; ln /bin/bash /bin/sh
>
> Has been working sofar (on a formerly vulnerable OS X 10.6.8 with bash 3.2.x) but I'm a bit anxious to see if the machine will still boot.
> I have no idea if there's a checksum on /bin/bash in 10.6+ or 10.7+ .
>
> R.
> _______________________________________________
> macports-users mailing list
> macports-users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/macports-users



More information about the macports-users mailing list