博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
OSX: bash的更新
阅读量:5088 次
发布时间:2019-06-13

本文共 12809 字,大约阅读时间需要 42 分钟。

本文尽量详述眼下来说的bash补丁的进展,从以下4个方面解释:

  • 最全最新的更新安装包,:Oct 5为止的
  • 測试已知的bash漏洞的脚本:更新后能够用来检測已知bash漏洞的情况
  • 脚本编译更新版本号:也能够更新到3.2.56版本号,须要在本地编译
  • 手动更新:看这个部分,能够具体了解眼下状态。遇到未来的更新。也能够手动自己更新。

1. 最全最新的更新安装包:

近期犹他大学(University of Utah)的Richard Glaser公布了自己开发的一个集成适合于OS X从10.5到10.10的bash更新包。它将bash更新到眼下最新的3.2.56版本号, 相比較Apple官方的3.2.53(1)要信,并且修复了(宣称的。由于眼下没有很多其它的信息显示56版本号是否真正修复了)那些已知的危急漏洞(后面列出,并有脚本測试)。能够在csdn下载。。

以下是发布的原文:

Here is a OS X installer for the latest official GNU bash release version, 3.2.56 and will be updated to new releases when available. The bash is universal runs on 32/64-bit, PowerPC, Intel architectures and supports and has been tested on OS X 10.5 thur OS X 10.10 http://www.mac-mgrs.utah.edu/ downloads/osx_gnu_bash_ installer.zip Our institution is very decentralized and primarily there was a need to apply latest GNU bash patch to non=Apple supported OS’s like OS 10.6/10.5, but for those security conscious or paranoid could use it on supported OS X versions. Here is the SHA1 256 checksums •        OS X 10.5-10.10 - bash version 3.2.56          bed4178f4bdf05ad2d5c396fb3ed97 331e62e35836fae1410e20f0e05a77 c13e         •        OS X 10.5-10.10 - sh version 3.2.56          f51a83aaad5d15b34753998cb81061 eb63ffe1a28f8876db0a0ea2f04f28 e3b1 The installer backups current bash install incase you need to revert back to previous version. See installer read me for details. Hope this is useful to the community. Let me know if you have any suggestions, comments or problems.

2. 測试已知的bash漏洞:

另外一个技术人员。编写了一个检查眼下可知的bash漏洞的脚本,原脚本能够从获得。

为了方便阅读。在最后附上。以下是使用该脚本測试上面3.2.56版本号的补丁结果:

$ bashcheck.shTesting /bin/bash ...GNU bash, version 3.2.56(1)-release (x86_64-apple-darwin9)Variable function parser pre/suffixed [%%, upstream], bugs not exploitableNot vulnerable to CVE-2014-6271 (original shellshock)Not vulnerable to CVE-2014-7169 (taviso bug)Not vulnerable to CVE-2014-7186 (redir_stack bug)Test for CVE-2014-7187 not reliable without address sanitizerNot vulnerable to CVE-2014-6277 (lcamtuf bug #1)Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)

相比較Apple官方的3.2.53(1)的检測结果:

$ ./bashbash.sh Testing /bin/bash ... GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin14) Not vulnerable to CVE-2014-6271 (original shellshock) Not vulnerable to CVE-2014-7169 (taviso bug) Vulnerable to CVE-2014-7186 (redir_stack bug) Test for CVE-2014-7187 not reliable without address sanitizer Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch] Not vulnerable to CVE-2014-6278 (lcamtuf bug #2) Variable function parser inactive, likely safe from unknown parser bugs

3. 自己编译更新版本号

另外,TJ Luoma公布了一个,它从opensource.apple.com站点下载的最新bash源程序。并从gnu.org上下载各个更新补丁,使用xcode来为之又一次编译。

眼下它也是3.2.56版本号。

4.手动更新

是怎样手动的解释,具体查看AlBlue的解释。

--------------------------------------------------

bash-check脚本

#!/bin/bashwarn() {	if [ "$scary" == "1" ]; then		echo -e "\033[91mVulnerable to $1\033[39m"	else		echo -e "\033[93mFound non-exploitable $1\033[39m"	fi}good() {	echo -e "\033[92mNot vulnerable to $1\033[39m"}[ -n "$1" ] && bash=$(which $1) || bash=$(which bash)echo -e "\033[95mTesting $bash ..."echo $($bash --version | head -n 1)echo -e "\033[39m"#r=`a="() { echo x;}" $bash -c a 2>/dev/null`if [ -n "$(env 'a'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then	echo -e "\033[91mVariable function parser active, maybe vulnerable to unknown parser bugs\033[39m"	scary=1elif [ -n "$(env 'BASH_FUNC_a%%'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then	echo -e "\033[92mVariable function parser pre/suffixed [%%, upstream], bugs not exploitable\033[39m"	scary=0elif [ -n "$(env 'BASH_FUNC_a()'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then	echo -e "\033[92mVariable function parser pre/suffixed [(), redhat], bugs not exploitable\033[39m"	scary=0elif [ -n "$(env 'BASH_FUNC_%%'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then	echo -e "\033[92mVariable function parser pre/suffixed [<..>%%, apple], bugs not exploitable\033[39m"	scary=0else	echo -e "\033[92mVariable function parser inactive, bugs not exploitable\033[39m"	scary=0fir=`env x="() { :; }; echo x" $bash -c "" 2>/dev/null`if [ -n "$r" ]; then	warn "CVE-2014-6271 (original shellshock)"else	good "CVE-2014-6271 (original shellshock)"ficd /tmp;rm echo 2>/dev/nullenv x='() { function a a>\' $bash -c echo 2>/dev/null > /dev/nullif [ -e echo ]; then	warn "CVE-2014-7169 (taviso bug)"else	good "CVE-2014-7169 (taviso bug)"fi$($bash -c "true $(printf '<
/tmp/bashcheck.tmp)ret=$?grep -q AddressSanitizer /tmp/bashcheck.tmpif [ $? == 0 ] || [ $ret == 139 ]; then warn "CVE-2014-7186 (redir_stack bug)"else good "CVE-2014-7186 (redir_stack bug)"fi$bash -c "`for i in {1..200}; do echo -n "for x$i in; do :;"; done; for i in {1..200}; do echo -n "done;";done`" 2>/dev/nullif [ $?

!= 0 ]; then warn "CVE-2014-7187 (nested loops off by one)" else echo -e "\033[96mTest for CVE-2014-7187 not reliable without address sanitizer\033[39m" fi $($bash -c "f(){ x(){ _;};x(){ _;}<<a;}" 2>/dev/null) if [ $? != 0 ]; then warn "CVE-2014-6277 (lcamtuf bug #1)" else good "CVE-2014-6277 (lcamtuf bug #1)" fi if [ -n "$(env x='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then warn "CVE-2014-6278 (lcamtuf bug #2)" elif [ -n "$(env BASH_FUNC_x%%='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then warn "CVE-2014-6278 (lcamtuf bug #2)" elif [ -n "$(env 'BASH_FUNC_x()'='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then warn "CVE-2014-6278 (lcamtuf bug #2)" else good "CVE-2014-6278 (lcamtuf bug #2)" fi

bash-fix脚本

#!/bin/zsh -f# recompile bash -# 	http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-the-remote-exploit-cve-2014-6271-and-cve-2014-7/146851#146851## From:	Timothy J. Luoma# Mail:	luomat at gmail dot com# Date:	2014-09-25, Updated 2014-09-29NAME="bash-fix.sh"	# This should match Xcode in many variations, betas, etc.XCODE=`find /Applications -maxdepth 1 -type d -iname xcode\*.app -print`if [[ "$XCODE" == "" ]]then	echo "$NAME [FATAL]: Xcode is required, but not installed. Please install Xcode from the Mac App Store."	open 'macappstore://itunes.apple.com/us/app/xcode/id497799835?mt=12'	exit 1fizmodload zsh/datetimefunction timestamp { strftime "%Y-%m-%d--%H.%M.%S" "$EPOCHSECONDS" }function log { echo "$NAME [`timestamp`]: $@" | tee -a "$LOG" }function die{	echo "\n$NAME [FATAL]: $@"	exit 1}function msg{	echo "\n	$NAME [INFO]: $@"}TIME=$(strftime "%Y-%m-%d-at-%H.%M.%S" "$EPOCHSECONDS")LOG="$HOME/Library/Logs/$NAME.$TIME.txt"[[ -d "$LOG:h" ]] || mkdir -p "$LOG:h"[[ -e "$LOG" ]]   || touch "$LOG"cd "$HOME/Desktop" || cdmkdir -p bash-fixcd bash-fixORIG_DIR="$PWD"##################################################################################################msg "Downloading and uncompressing Apple's 'bash' source code..."curl --progress-bar -fL https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -EXIT="$?"if [ "$EXIT" = "0" ]then	msg "Successfully downloaded bash source from Apple.com"else	die "curl or tar failed (\$EXIT = $EXIT)"ficd bash-92/bash-3.2msg "CWD is now $PWD"##################################################################################################msg "Downloading and applying bash32-052 from gnu.org..."curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0EXIT="$?

" if [ "$EXIT" = "0" ] then msg "patch bash32-052 successfully applied" else die "patch bash32-052 FAILED" fi ################################################################################################## msg "Downloading and applying bash32-053 from gnu.org..." curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0 EXIT="$?" if [ "$EXIT" = "0" ] then msg "patch bash32-053 successfully applied" else die "patch bash32-053 FAILED" fi ################################################################################################## msg "Downloading and applying bash32-054 from gnu.org..." curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch -p0 EXIT="$?" if [ "$EXIT" = "0" ] then msg "patch bash32-054 successfully applied" else die "patch bash32-054 FAILED" fi ################################################################################################## msg "Downloading and applying bash32-055 from gnu.org..." curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-055 | patch -p0 EXIT="$?

" if [ "$EXIT" = "0" ] then msg "patch bash32-055 successfully applied" else die "patch bash32-055 FAILED" fi ################################################################################################## msg "Downloading and applying bash32-056 from gnu.org..." curl --progress-bar -fL https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-056 | patch -p0 EXIT="$?" if [ "$EXIT" = "0" ] then msg "patch bash32-056 successfully applied" else die "patch bash32-056 FAILED" fi ################################################################################################## cd .. msg "CWD is now $PWD" echo -n "$NAME is about to run xcodebuild and its output redirected to $ORIG_DIR/xcodebuild.log. If it does not succeed, check the log for error messages.\n\nThis could take a few minutes. Please wait... " xcodebuild 2>&1 >>| "$ORIG_DIR/xcodebuild.log" EXIT="$?" if [ "$EXIT" = "0" ] then msg "xcodebuild exited successfully." else die "xcodebuild failed (\$EXIT = $EXIT). See $ORIG_DIR/xcodebuild.log for details." exit 1 fi # Play a sound to tell them the build finished [[ -e /System/Library/Sounds/Glass.aiff ]] && afplay /System/Library/Sounds/Glass.aiff if [ -e 'build/Release/bash' ] then msg "Here is the _NEW_ version number for bash (must be 3.2.52(1) or later):" build/Release/bash --version # GNU bash, version 3.2.54(1)-release (x86_64-apple-darwin13) else die "build/Release/bash does not exist. See $PWD/xcodebuild.log for details." fi if [ -e 'build/Release/sh' ] then msg "Here is the _NEW_ version number for sh (must be 3.2.52(1) or later):" build/Release/sh --version # GNU bash, version 3.2.54(1)-release (x86_64-apple-darwin13) else die "build/Release/sh does not exist. See $PWD/xcodebuild.log for details." fi #################################################################################### # # 2014-09-29: disabled test section because it only tests first vulnerability. # 2014-09-29: TODO: Add tests for each vulnerability to verify it was fixed # # $NAME: About to run test of new bash: # # You should see 'hello' but you should NOT see the word 'vulnerable': # # Press Return/Enter to run test: " # # read PROMPT_TO_CONTINUE # # env x='() { :;}; echo vulnerable' build/Release/bash -c 'echo hello' 2>/dev/null echo "\n\n" read "?$NAME: Ready to install newly compiled 'bash' and 'sh'? [Y/n]: " ANSWER case "$ANSWER" in N*|n*) echo "$NAME: OK, not installing" exit 0 ;; esac cat <<EOINPUT $NAME: About to replace the vulnerable versions of /bin/bash and /bin/sh with the new, patched versions. The.$TIME ones will be backed up to /bin/bash.$TIME and /bin/sh.$TIME respectively Please enter your administrator password (if prompted): EOINPUT # This will prompt user for admin password sudo -v ################################################################################################## msg "Moving /bin/bash to /bin/bash.$TIME: " sudo /bin/mv -vf /bin/bash "/bin/bash.$TIME" || die "Failed to move /bin/bash to /bin/bash.$TIME" msg "Installing build/Release/bash to /bin/bash: " sudo cp -v build/Release/bash /bin/bash if [ "$?

" != "0" ] then sudo mv -vf "/bin/bash.$TIME" /bin/bash die "Failed to move build/Release/bash to /bin/bash. Restored /bin/bash.$TIME to /bin/bash" fi ################################################################################################## msg "Moving /bin/sh to /bin/sh.$TIME: " sudo /bin/mv -vf /bin/sh "/bin/sh.$TIME" || die "Failed to move /bin/sh to /bin/sh.$TIME" msg "Installing build/Release/sh to /bin/sh: " sudo cp -v build/Release/sh /bin/sh if [ "$?" != "0" ] then sudo mv -vf "/bin/sh.$TIME" /bin/sh die "Failed to move build/Release/sh to /bin/sh. Restored /bin/sh.$TIME to /bin/sh" fi ################################################################################################## msg "Removing executable bit from /bin/bash.$TIME" sudo /bin/chmod a-x "/bin/bash.$TIME" \ || msg "WARNING: Failed to remove executable bit from /bin/bash.$TIME" msg "Removing executable bit from /bin/sh.$TIME" sudo /bin/chmod a-x "/bin/sh.$TIME" \ || msg "WARNING: Failed to remove executable bit from /bin/sh.$TIME" msg "$NAME has finished successfully." read "?Do you want to move $ORIG_DIR to ~/.Trash/? [Y/n] " ANSWER case "$ANSWER" in N*|n*) echo "$NAME: Not moving $ORIG_DIR." exit 0 ;; *) mv -vn "$ORIG_DIR" "$HOME/.Trash/$ORIG_DIR.$EPOCHSECONDS" exit 0 ;; esac exit # #EOF

转载于:https://www.cnblogs.com/wzjhoutai/p/7259575.html

你可能感兴趣的文章
jenkins 更换主数据目录
查看>>
Silverlight中恼人的g.i.cs错误
查看>>
SQLite 数据库增删改查
查看>>
<s:iterator>的status
查看>>
C++入门--1.0输入输出
查看>>
让搭建在Github Pages上的Hexo博客可以被Google搜索到
查看>>
Introduction to 3D Game Programming with DirectX 12 学习笔记之 --- 第十四章:曲面细分阶段...
查看>>
在WPF控件上添加Windows窗口式调整大小行为
查看>>
背水一战 Windows 10 (36) - 控件(弹出类): ToolTip, Popup, PopupMenu
查看>>
打开3389
查看>>
React学习记录
查看>>
nginx常见内部参数,错误总结
查看>>
对象与类
查看>>
《奸的好人2》财色战场----笔记
查看>>
BZOJ 1834网络扩容题解
查看>>
bzoj1878
查看>>
【Vegas原创】Mysql绿色版安装方法
查看>>
Thrift Expected protocol id ffffff82 but got 0
查看>>
.NET下XML文件的读写
查看>>
2009程序员考试大纲
查看>>