What Apple sec update? I have not received one... James A. Rome http://jamesrome.net
On 9/26/14 4:45 AM, René J.V. Bertin wrote: > On Thursday September 25 2014 23:28:55 Brandon Allbery wrote: >> On Thu, Sep 25, 2014 at 11:10 PM, Bill Christensen < >> [email protected]> wrote: >> >>> Anyone got any? >>> > Yeah, upgrade to 10.9.5 including the secupdate Apple pushed yesterday. > > Or, according to the test proposed by Ars Technica > > env x='() { :;}; echo vulnerable' bash -c "echo this is a test" > env x='() { :;}; echo vulnerable' sh -c "echo this is a test" > > the bash that's currently in MacPorts is not vulnerable. So my solution has > been easy: > > # port install bash +universal > # mv /bin/bash{,-osx} ; ln /opt/local/bin/bash /bin/bash > # mv /bin/sh{,-osx} ; ln /bin/bash /bin/sh > > Has been working sofar (on a formerly vulnerable OS X 10.6.8 with bash 3.2.x) > but I'm a bit anxious to see if the machine will still boot. > I have no idea if there's a checksum on /bin/bash in 10.6+ or 10.7+ . > > R. > _______________________________________________ > macports-users mailing list > [email protected] > https://lists.macosforge.org/mailman/listinfo/macports-users _______________________________________________ macports-users mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-users
