Patch old Fedora 8 server for Shellshock Bash bug
25 Sep 2014
I had an old Fedora 8 server running legacy code that I needed to patch for the Shellshock Bash bug. I proved that bash was vulnerable by running this command:
env X="() { :; } ; echo busted" /bin/bash -c "echo stuff"
I saw the word “busted” in the output, meaning I needed to upgrade bash.
While newer systems have a patch available, I was not able to find one for Fedora 8, so I patched it manually by building a patched version of bash 4.2. Here is what I did:
yum install bison # in case yacc is not installed
cd /usr/src
curl -O http://ftp.gnu.org/gnu/bash/bash-4.2.tar.gz
tar xvfz bash-4.2.tar.gz
cd bash-4.2
# apply the official bash 4.2 patches in order (numbering starts at 001)
for i in $(seq -f "%03g" 1 48); do curl https://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-$i | patch -p0; done
./configure --prefix=/usr \
--bindir=/bin \
--htmldir=/usr/share/doc/bash-4.2 \
--without-bash-malloc \
--with-installed-readline
make && make install
Once this was done, I ran the following command again:
env X="() { :; } ; echo busted" /bin/bash -c "echo stuff"
The output now reports an error, showing that bash is patched.
/bin/bash: warning: X: ignoring function definition attempt
/bin/bash: error importing function definition for `X'
Your mileage may vary. As with all updates of this sort, be sure you have a backup plan in case something goes awry.
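The build above installs only to /bin/bash, so any other copy of bash on the system is left as it was. The following added example (not part of the original post) runs the post's probe against /bin/sh and every bash it finds; the function names and the default directory list are illustrative assumptions, and it tests only the probe shown in the post.

```shell
#!/bin/sh
# POSIX sh on purpose, so the check does not depend on the bash being replaced.

# Probe string from the post: a vulnerable bash executes the text after the
# function body while importing X from the environment.
PROBE='() { :; } ; echo busted'

# check_shell PATH: prints vulnerable, ok or error (exit status 1, 0 or 2).
check_shell() {
    [ -x "$1" ] || { echo error; return 2; }
    # stderr is discarded: a patched bash 4.2 writes its import warnings there.
    case $(env X="$PROBE" "$1" -c 'echo stuff' 2>/dev/null) in
        *busted*) echo vulnerable; return 1 ;;
        *stuff*)  echo ok;         return 0 ;;
        *)        echo error;      return 2 ;;
    esac
}

# list_candidates [DIRS]: /bin/sh plus every executable named bash in the
# colon-separated DIRS (default: $PATH and the usual install prefixes).
list_candidates() {
    dirs=${1:-"$PATH:/bin:/usr/bin:/usr/local/bin"}
    echo /bin/sh
    old_ifs=$IFS; IFS=:
    for d in $dirs; do
        if [ -n "$d" ] && [ -x "$d/bash" ]; then echo "$d/bash"; fi
    done
    IFS=$old_ifs
}

# scan_shells [DIRS]: one verdict per candidate; returns 1 if any is vulnerable.
scan_shells() {
    rc=0
    for s in $(list_candidates "$@" | sort -u); do
        verdict=$(check_shell "$s") || true
        printf '%-11s %s\n' "$verdict" "$s"
        if [ "$verdict" = vulnerable ]; then rc=1; fi
    done
    return "$rc"
}

scan_shells || echo "at least one shell above still runs the probe"
```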