On 28 Oct 2014, at 08:36, Chris Jones wrote: > >> in an attempt to minimize exposure to Shellshock. IIRC I got the above >> from someone on this list. > > Together, if I recall, with a number of posts saying it was also a very bad > idea....
There was also a post from Greg Earle giving a script to replace /bin/bash and /bin/sh with Shellshock-proof versions. This was trivial to use but it was for Snow Leopard. I attach a copy but would not use it for 10.9.5 without checking that your version of /bin/bash and /bin/sh is the same as required in the script (reproduced below). Barrie. -- #!/bin/sh # Script to build Shellshock-fixed bash/sh from Apple's bash src # # Taken (w/ slight mods) from the "System Binaries" section of this Web page: # # http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an # cd ~/src mkdir bash-fix cd bash-fix curl -k https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar -zpxf - cd bash-92/bash-3.2 curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0 curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0 curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch -p0 curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-055 | patch -p0 curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-056 | patch -p0 curl -k https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-057 | patch -p0 cd .. xcodebuild sudo chown root build/Release/bash sudo chown root build/Release/sh build/Release/bash --version # "GNU bash, version 3.2.57(1)-release" build/Release/sh --version # "GNU bash, version 3.2.57(1)-release" sudo cp -p /bin/bash /bin/bash.shellshock sudo chmod 000 /bin/bash.shellshock sudo cp -p /bin/sh /bin/sh.shellshock sudo chmod 000 /bin/sh.shellshock sudo cp -p build/Release/bash /bin/bash sudo cp -p build/Release/sh /bin/sh exit 0 -- _______________________________________________ macports-users mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-users
