On 10 Oct 2014, at 23:45, Greg Earle wrote: > On Oct 10, 2014, at 16:06 PM, Barrie Stott <[email protected]> wrote: > >> On 10 Oct 2014, at 15:27, Brandon Allbery wrote: >> >>> That said, 10.6 being unsupported by Apple, it is possible that your best >>> bet is to copy /bin/bash to /bin/bash.apple and then copy MacPorts' bash to >>> /bin/bash. (But beware, if you remove MacPorts in the future your /bin/bash >>> will break; copy the saved one back first.) >>> >>> -- >>> brandon s allbery kf8nh sine nomine associates >>> [email protected] [email protected] >>> unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net >> >> I've done that and I've doe something similar with /bin/sh as well. >> Surprisingly, I found original /bin/bash and /bin/sh different. The new >> stuff is: >> -rwxr-xr-x 1 root wheel 1893232 10 Oct 15:43 /bin/bash >> -rwxr-xr-x 1 root wheel 1346544 15 Feb 2010 /bin/bash.apple >> -r-xr-xr-x 1 root wheel 1893232 10 Oct 16:01 /bin/sh >> -r-xr-xr-x 1 root wheel 1346624 15 Feb 2010 /bin/sh.apple >> >> I'm very grateful for your help. > > Personally I wouldn't replace Apple's bash/sh with MacPorts' versions. > > They are different major versions for one, but also because it's > ridiculously easy to compile the Apple version with Xcode's "xcodebuild". > > I'm running 10.6.8 (I can't believe someone asked Barrie why he isn't on > Mavericks ... LOL) and this fix works like a charm. Here's a script: > > -- > #!/bin/sh > # Script to build Shellshock-fixed bash/sh from Apple's bash src > # > # Taken (w/ slight mods) from the "System Binaries" section of this Web page: > # > # > http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an > # > > cd ~/src > > mkdir bash-fix > cd bash-fix > > curl -k https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar -zpxf > - > > cd bash-92/bash-3.2 > > curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch > -p0 > curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch > -p0 > curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch > -p0 > curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-055 | patch > -p0 > curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-056 | patch > -p0 > curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-057 | patch > -p0 > > cd .. > xcodebuild > sudo chown root build/Release/bash > sudo chown root build/Release/sh > > build/Release/bash --version # "GNU bash, version 3.2.57(1)-release" > build/Release/sh --version # "GNU bash, version 3.2.57(1)-release" > > sudo cp -p /bin/bash /bin/bash.shellshock > sudo chmod 000 /bin/bash.shellshock > sudo cp -p /bin/sh /bin/sh.shellshock > sudo chmod 000 /bin/sh.shellshock > > sudo cp -p build/Release/bash /bin/bash > sudo cp -p build/Release/sh /bin/sh > > exit 0 > -- > > - Greg
I have no objection at all to rebuilding Apple's /bin/bash and /bin/sh when all I have to do is run the given script. However, Greg, do I need to do it? I already have shellshock-proof versions of bash 4.3.27. Is there something special about bash 3.2? Barrie. _______________________________________________ macports-users mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-users
