Bash is the Linux default shell, and Han O Sinox is also installed, although Sinox does not use bash by default, but the user may be compromised by a vulnerability once it is used, so it must be repaired quickly. Although Sinox uses FreeBSD's ports, FreeBSD has been upgraded to the latest software management Pkg,ports is being eliminated, to be directly updated via PORTSNAP to the latest ports and then installed with PKG, However, the latest ports is only used above FREEBSD10 and may not be supported for low-version pkg. Anyway, if you want to use PKG, only with FREEBSD10, otherwise the problem will be many, Pkg will directly upgrade to the latest version of the software. Pkg is generated to implement a similar Yum Direct update binary program. To compile the latest ports, first compile and install the latest pkg. The latest ports running some programs in Sinox will be problematic.
That being the case, we can only modify Sinox's current version of Bash to block the vulnerability. Look at bash vulnerabilities first.
Run Env x= ' () {:;}; echo vulnerable ' bash-c "echo this is a test"
Produce results
Vulnerable
Echo This is a test
The problem is that the environment variable x passes () {:;}; Echo vulnerable is obtained, but where Echo is a system command, it executes.
If you change the echo vulnerable to ls,pwd, you'll get super admin privileges if sudo. Web users can use bash to run command control systems, such as CGI programs.
I consulted the online information, plugging the vulnerability principle is to modify the process of the introduction of the function, and refer to the latest bash ports changes, developed the current version of the Bash blocking vulnerability approach.
First extract the code with make Extract,make patch, and then back up SHELL.C and variables.c for the back Add. Orig, then modify SHELL.C and VARIABLES.C, and then go to the source directory to generate patches.
Diff-un Shell.c.orig shell.c > Shell.c.patch
Diff-un Variables.c.orig variables.c >variables.c.patch
Place the resulting patch file in the Ports source files directory. Then add these two lines in makefile
extra_patches+= ${patchdir}/shell.c.patch
extra_patches+= ${patchdir}/variables.c.patch
Now enter the directory, make Clean;make. Check to see if the code has been corrected properly. Make the install if it's OK.
In order to force the installation, I added in/etc/make.conf
Force_pkg_register=yes
After the installation is done, run bash. Enter the above command line, no longer appears vulnerable, repair success.
In order to compile with gcc4.6, I set the make.conf in
Disable_vulnerabilities=yes
. if!empty (. curdir:m/usr/ports/*) && exists (/USR/LOCAL/BIN/GCC46)
Cc=gcc46
cxx=g++46
Cpp=cpp46
. endif
Paste the patch file below
Shell.c.patch
-shell.c.orig 2011-01-03 05:04:51.000000000 +0800
+ + + shell.c 2014-10-11 17:37:30.000000000 +0800
@@ -225,7 +225,7 @@
#else
int posixly_correct = 0; /* Non-zero means posix.2 superset. */
#endif
–
+int import_functions = 0;//import_functions_def; Patch
/* Some long-winded argument names. These is obviously new. */
#define INT 1
#define CHARP 2
@@ -244,6 +244,7 @@
{"Help", Int, &want_initial_help, (char * *) 0x0},
{"Init-file", Charp, (int *) 0x0, &bashrc_file},
{"Login", Int, &make_login_shell, (char * *) 0x0},
+ {"Import-functions", Int, &import_functions, (char * *) 0x0},//patch
{"Noediting", Int, &no_line_editing, (char * *) 0x0},
{"Noprofile", Int, &no_profile, (char * *) 0x0},
{"Norc", Int, &NO_RC, (char * *) 0x0},
Variables.c.patch
-variables.c.orig 2014-10-11 19:22:10.000000000 +0800
+ + + variables.c 2014-10-11 19:21:34.000000000 +0800
@@ -100,6 +100,7 @@
extern int assigning_in_environment;
extern int executing_builtin;
extern int Funcnest_max;
+extern int Import_functions;//patch
#if defined (READLINE)
extern int no_line_editing;
@@ -312,7 +313,8 @@
Char *name, *string, *temp_string;
int C, Char_index, String_index, string_length;
Shell_var *temp_var;
–
+ int Skipped_import;//patch
+
Create_variable_tables ();
for (String_index = 0; string = env[string_index++];)
@@ -335,11 +337,18 @@
Char_index = = strlen (name) */
Temp_var = (Shell_var *) NULL;
–
+ Skipped_import = 0;//patch
+reval://patch
/* If exported function, define it now. Don ' t import functions from
The environment in privileged mode. */
–if (Privmode = = 0 && Read_but_dont_execute = = 0 && streqn ("() {", String, 4))
+ if (Skipped_import = = 0 && Privmode = = 0 && read_but_dont_execute = 0 && streqn ("() {", String , 4))//patch
{
+ if (!import_functions &&!interactive_shell) {//patch ————
+ Skipped_import = 1;
+//report_error (_ ("Skipping importing function definition for '%s ': –import-functions required."), tname);
+ goto Reval;
+}//——— –patch
+
String_length = strlen (string);
temp_string = (char *) Xmalloc (3 + string_length + char_index);
I made a bash repair installation package for sinox2014, which is the 64-bit installation command below |
Pkg_add-f FTP://SINOX.3322.ORG/BASH-4.2.20.TBZ
sinox2013 did not make repair installation package, you can follow the above instructions to build their own repair.
Quick fix han o sinox command interpreter bash shell