Bug#764313: fai-client: usage of exported function definitions in Bash causing syntax errors
On Tue, 07 Oct 2014 09:11:54 +0200, Michael Prokop m...@debian.org said:
FAI uses exported function definitions in Bash, a feature that was
recently disabled by the CVEs around Shellshock.
No. Exporting function was not disabled. See below for a proof.
The fix only changes the encoding when exporting functions. See
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027
During FAI runs (fai dirinstall in my case) there are plenty of
Which distribution do you use during dirinstall?
Do these messages appear during task updatebase?
Please provide the full fai.log.
I'm tending to call this an RC bug, actually.
Maybe a RC bug of bash, because this fix breaks unrelated software,
see also #763164.
--
I'm using bash 4.2+dfsg-0.1+deb7u3.
$ set -a
$ . ~/fai-4.3/lib/subroutines
$ export -f
You will see that all FAI functions are defined.
Now. execute a new bash.
$ bash
$ export -f
All the FAI shell functions are still defined. They are exported to
the new shell without any error messages.
--
Here's a complete analysis of the problem.
newbash = 4.2+dfsg-0.1+deb7u3 including the shellshock fix
oldbash = 4.2+dfsg-0.1
First, use the new bash and define a function. Using set -a exports
all functions. If you then call the old bash (for example if you
chroot into a directory containing the old bash version) you'll get
the error messages.
#Call the new bash /bin/bash
newbash$ set -a
# Define a function
newbash$ a() {
echo a
}
# you can all this function
newbash~$ a
a
# Now call the old version of bash
newbash$ /tmp/oldbash/bin/bash
bash: BASH_FUNC_a(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_a(): line 0: `BASH_FUNC_a() () { echo a'
bash: error importing function definition for `BASH_FUNC_a'
It's not a bug of FAI. The problem is that functions are exported in
different internal encodings in the old and new bash, and the old bash
does not work with the new encoding of functions. So, this problem
only appear if you mix the version of bash.
This problem appears, because
debootstrap does not use the security repository, but only the main
repository, which still contains the not fixed bash version.
It will be fixed, if a new Debian wheezy release is
available that contains the fixed bash in the main repository.
--
regards Thomas
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#764313: fai-client: usage of exported function definitions in Bash causing syntax errors
* Thomas Lange [Tue Oct 07, 2014 at 12:10:23PM +0200]: On Tue, 07 Oct 2014 09:11:54 +0200, Michael Prokop m...@debian.org said: During FAI runs (fai dirinstall in my case) there are plenty of Which distribution do you use during dirinstall? Debian wheezy with most recent FAI version (from jenkins.grml.org) Do these messages appear during task updatebase? Yes Please provide the full fai.log. http://michael-prokop.at/tmp/fai.log regards, -mika- signature.asc Description: Digital signature
Bug#764313: fai-client: usage of exported function definitions in Bash causing syntax errors
On Tue, 7 Oct 2014 23:06:23 +0200, Michael Prokop m...@debian.org said: During FAI runs (fai dirinstall in my case) there are plenty of Which distribution do you use during dirinstall? Debian wheezy with most recent FAI version (from jenkins.grml.org) Which bash version are you running on the system on which you call fai dirinstall? It's important, because this bash version is running the fai script(s). -- regards Thomas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#764313: fai-client: usage of exported function definitions in Bash causing syntax errors
* Thomas Lange [Tue Oct 07, 2014 at 11:23:32PM +0200]: On Tue, 7 Oct 2014 23:06:23 +0200, Michael Prokop m...@debian.org said: During FAI runs (fai dirinstall in my case) there are plenty of Which distribution do you use during dirinstall? Debian wheezy with most recent FAI version (from jenkins.grml.org) Which bash version are you running on the system on which you call fai dirinstall? It's important, because this bash version is running the fai script(s). 4.2+dfsg-0.1+deb7u3 regards, -mika- signature.asc Description: Digital signature
Bug#764313: fai-client: usage of exported function definitions in Bash causing syntax errors
On Tue, 7 Oct 2014 23:26:17 +0200, Michael Prokop m...@debian.org said: 4.2+dfsg-0.1+deb7u3 Excatly as I expected. You call fai dirinstall from a bash version including the shellshock fix. Then you extrac the basefile /etc/grml/fai/config/basefiles/I386.tar.gz Which contains bash 4.3.8 (without the fix). That causes the problems. If you recreate your basefile, this should be fixed, since a new jessie basefile will now contain the bash version 4.3.10 including the fix. -- regards Thomas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#764313: fai-client: usage of exported function definitions in Bash causing syntax errors
Package: fai-client Version: 4.2.4 Severity: minor This bug does not affect the functionality at all, it only prints a lot of warning messages which can be saftely ignored. -- regards Thomas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#764313: fai-client: usage of exported function definitions in Bash causing syntax errors
Package: fai-client
Version: 4.2.4
Severity: important
FAI uses exported function definitions in Bash, a feature that was
recently disabled by the CVEs around Shellshock.
During FAI runs (fai dirinstall in my case) there are plenty of
error messages:
/bin/bash: BASH_FUNC_task_softupdate(): line 0: syntax error near unexpected
token `)'
/bin/bash: BASH_FUNC_task_softupdate(): line 0: `BASH_FUNC_task_softupdate() ()
{ echo Performing FAI system update. All data may be overwritten!;'
/bin/bash: error importing function definition for `BASH_FUNC_task_softupdate'
/bin/bash: BASH_FUNC_ifclass(): line 0: syntax error near unexpected token `)'
/bin/bash: BASH_FUNC_ifclass(): line 0: `BASH_FUNC_ifclass() () { if [ $# -eq
1 ]; then'
/bin/bash: error importing function definition for `BASH_FUNC_ifclass'
/bin/bash: BASH_FUNC_mount_mirror(): line 0: syntax error near unexpected token
`)'
/bin/bash: BASH_FUNC_mount_mirror(): line 0: `BASH_FUNC_mount_mirror() () { [
$FAI_DEBMIRROR ] || return;'
/bin/bash: error importing function definition for `BASH_FUNC_mount_mirror'
/bin/bash: BASH_FUNC__ifclass_or(): line 0: syntax error near unexpected token
`)'
/bin/bash: BASH_FUNC__ifclass_or(): line 0: `BASH_FUNC__ifclass_or() () {
local cl;'
/bin/bash: error importing function definition for `BASH_FUNC__ifclass_or'
/bin/bash: BASH_FUNC_wait_for_jobs(): line 0: syntax error near unexpected
token `)'
/bin/bash: BASH_FUNC_wait_for_jobs(): line 0: `BASH_FUNC_wait_for_jobs() () {
local i=0;'
/bin/bash: error importing function definition for `BASH_FUNC_wait_for_jobs'
/bin/bash: BASH_FUNC_call_hook(): line 0: syntax error near unexpected token `)'
/bin/bash: BASH_FUNC_call_hook(): line 0: `BASH_FUNC_call_hook() () { local
hook=$1;'
/bin/bash: error importing function definition for `BASH_FUNC_call_hook'
/bin/bash: BASH_FUNC_task_instsoft(): line 0: syntax error near unexpected
token `)'
/bin/bash: BASH_FUNC_task_instsoft(): line 0: `BASH_FUNC_task_instsoft() () {
echo Installing software may take a while;'
/bin/bash: error importing function definition for `BASH_FUNC_task_instsoft'
/bin/bash: BASH_FUNC_skiptask(): line 0: syntax error near unexpected token `)'
/bin/bash: BASH_FUNC_skiptask(): line 0: `BASH_FUNC_skiptask() () { local
task;'
/bin/bash: error importing function definition for `BASH_FUNC_skiptask'
/bin/bash: BASH_FUNC_task_updatebase(): line 0: syntax error near unexpected
token `)'
/bin/bash: BASH_FUNC_task_updatebase(): line 0: `BASH_FUNC_task_updatebase() ()
{ if [ $verbose ]; then'
/bin/bash: error importing function definition for `BASH_FUNC_task_updatebase'
/bin/bash: BASH_FUNC_clean_exit(): line 0: syntax error near unexpected token
`)'
/bin/bash: BASH_FUNC_clean_exit(): line 0: `BASH_FUNC_clean_exit() () { rm -f
$stamp;'
/bin/bash: error importing function definition for `BASH_FUNC_clean_exit'
/bin/bash: BASH_FUNC_call_debootstrap(): line 0: syntax error near unexpected
token `)'
/bin/bash: BASH_FUNC_call_debootstrap(): line 0: `BASH_FUNC_call_debootstrap()
() { local dversion=$(dpkg -l debootstrap | grep debootstrap | cut -f7 -d' ');'
/bin/bash: error importing function definition for `BASH_FUNC_call_debootstrap'
/bin/bash: BASH_FUNC_task_confdir(): line 0: syntax error near unexpected token
`)'
/bin/bash: BASH_FUNC_task_confdir(): line 0: `BASH_FUNC_task_confdir() () { if
[ $do_init_tasks -eq 1 ]; then'
/bin/bash: error importing function definition for `BASH_FUNC_task_confdir'
/bin/bash: BASH_FUNC_task_debconf(): line 0: syntax error near unexpected token
`)'
/bin/bash: BASH_FUNC_task_debconf(): line 0: `BASH_FUNC_task_debconf() () { if
[ ! -d $FAI/debconf ]; then'
/bin/bash: error importing function definition for `BASH_FUNC_task_debconf'
/bin/bash: BASH_FUNC_task_finish(): line 0: syntax error near unexpected token
`)'
/bin/bash: BASH_FUNC_task_finish(): line 0: `BASH_FUNC_task_finish() () { if [
$do_init_tasks -eq 1 ]; then'
/bin/bash: error importing function definition for `BASH_FUNC_task_finish'
/bin/bash: BASH_FUNC_task_tests(): line 0: syntax error near unexpected token
`)'
/bin/bash: BASH_FUNC_task_tests(): line 0: `BASH_FUNC_task_tests() () { if [
-d $FAI/tests ]; then'
/bin/bash: error importing function definition for `BASH_FUNC_task_tests'
/bin/bash: BASH_FUNC_task_defvar(): line 0: syntax error near unexpected token
`)'
/bin/bash: BASH_FUNC_task_defvar(): line 0: `BASH_FUNC_task_defvar() () {
local svar=$LOGDIR/showvar.log;'
/bin/bash: error importing function definition for `BASH_FUNC_task_defvar'
/bin/bash: BASH_FUNC_task_repository(): line 0: syntax error near unexpected
token `)'
/bin/bash: BASH_FUNC_task_repository(): line 0: `BASH_FUNC_task_repository() ()
{ local hook cl hfile;'
/bin/bash: error importing function definition for `BASH_FUNC_task_repository'
/bin/bash: BASH_FUNC_set_disk_info(): line 0: syntax error near unexpected
token `)'
/bin/bash: BASH_FUNC_set_disk_info(): line 0: `BASH_FUNC_set_disk_info() () {
