anti-shellshock suggestions
Nathan Brazil
nb at bitaxis.com
Fri Sep 26 06:51:01 PDT 2014
Looking through the details for the 2014-004 security update, I do not see shellshock (CVE-2014-6271, CVE-2014-7169) included.
But for myself, I switched over to MacPorts' installation of bash as well.
--
On Sep 26, 2014, at 6:27 AM, James Rome <jamesrome at gmail.com> wrote:
> What Apple sec update? I have not received one...
>
> James A. Rome
> http://jamesrome.net
>
> On 9/26/14 4:45 AM, René J.V. Bertin wrote:
>> On Thursday September 25 2014 23:28:55 Brandon Allbery wrote:
>>> On Thu, Sep 25, 2014 at 11:10 PM, Bill Christensen <
>>> billc_lists at greenbuilder.com> wrote:
>>>
>>>> Anyone got any?
>>>>
>> Yeah, upgrade to 10.9.5 including the secupdate Apple pushed yesterday.
>>
>> Or, according to the test proposed by Ars Technica
>>
>> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>> env x='() { :;}; echo vulnerable' sh -c "echo this is a test"
>>
>> the bash that's currently in MacPorts is not vulnerable. So my solution has been easy:
>>
>> # port install bash +universal
>> # mv /bin/bash{,-osx} ; ln /opt/local/bin/bash /bin/bash
>> # mv /bin/sh{,-osx} ; ln /bin/bash /bin/sh
>>
>> Has been working sofar (on a formerly vulnerable OS X 10.6.8 with bash 3.2.x) but I'm a bit anxious to see if the machine will still boot.
>> I have no idea if there's a checksum on /bin/bash in 10.6+ or 10.7+ .
>>
>> R.
>> _______________________________________________
>> macports-users mailing list
>> macports-users at lists.macosforge.org
>> https://lists.macosforge.org/mailman/listinfo/macports-users
>
> _______________________________________________
> macports-users mailing list
> macports-users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/macports-users
More information about the macports-users
mailing list