[bash-4.3.30]# cat Makefile | grep prefix
prefix = /usr/local
exec_prefix = ${prefix}
datarootdir = ${prefix}/share
bindir = ${exec_prefix}/bin
libdir = ${exec_prefix}/lib
includedir = ${prefix}/include
prefix=${prefix} exec_prefix=${exec_prefix} \
[bash-4.3.30]# whereis bash
bash: /usr/bin/bash /usr/local/bin/bash /usr/share/man/man1/bash.1.gz
[bash-4.3.30]# /usr/bin/bas
base64 basename bash bashbug bashbug-32
[bash-4.3.30]# /usr/bin/bash --version
GNU bash, version 4.2.45(1)-release (i686-redhat-linux-gnu)
Copyright (C) Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
[bash-4.3.30]# /usr/local/bin/bash --version
GNU bash, version 4.3.30(1)-release (i686-pc-linux-gnu)
Copyright (C) Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
[bash-4.3.30]#
Library file query
[bash-4.3.30]# ldd bash
linux-gate.so.1 => (0xb779a000)
libtinfo.so.5 => /lib/libtinfo.so.5 (0x4e41c000)
libdl.so.2 => /lib/libdl.so.2 (0x4c65c000)
libc.so.6 => /lib/libc.so.6 (0x4c49c000)
/lib/ld-linux.so.2 (0x4c473000)
[bash-4.3.30]#
[shell_up_zhb]# chsh -l
/bin/sh
/bin/bash
/sbin/nologin
/usr/bin/sh
/usr/bin/bash
/usr/sbin/nologin
[shell_up_zhb]# lsof /bin/sh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 8522 root txt REG 253,1 917564 11014242 /usr/bin/bash
[shell_up_zhb]# lsof /bin/bash
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 8522 root txt REG 253,1 917564 11014242 /usr/bin/bash
sh 8914 root txt REG 253,1 917564 11014242 /usr/bin/bash
[shell_up_zhb]#
1 The first idea was to copy over the upgraded executable files, libraries and configuration files (if any). I started upgrading along those lines; it failed, and I was unable to log in.
2 I later found that the chsh command can set which shell is used, so I considered upgrading the sh that is not used for login, booting with the other one, and, once that upgrade succeeded, switching over and upgrading the other. I then found that the system actually uses only one sh, so this second idea was wrong.
3 The bash upgrade is only meant to patch the Shellshock vulnerability, so upgrading just the executable file is enough. lsof showed that the shell actually in use is /usr/bin/sh and that /bin/sh is really a link, so only /usr/bin/sh and /usr/bin/bash need to be copied. During the copy the files were found to be in use, and the copy was then carried out.
4 The copy succeeded; I tried it with the test example and found that it works.
[ntp-fedora20 shell_up_zhb]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
[ntp-fedora20 shell_up_zhb]# env x='() { :;}; echo vulnerable' ./bash -c "echo this is a test"
this is a test
5 After a reboot, the upgrade was confirmed successful.
Complete record of the shell upgrade.
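Steps 3 and 4 above can be combined into one guarded procedure. The script below is an added example, not part of the original record: it runs the post's test against a candidate binary and swaps it in with a rename instead of copying over the in-use file. The function names, the 755 mode and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# Return 0 if the shell at $1 executes the command that trails the function
# definition in variable x (the post's test), 1 otherwise.
is_vulnerable() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*) return 0 ;;
        *) return 1 ;;
    esac
}

# Replace $2 with a copy of $1 by renaming a temp file in the same directory.
# Running shells keep the old inode, so there is no "Text file busy" error
# and the path never points at a half-written binary.
install_atomic() {
    src=$1
    dst=$2
    tmp="$dst.new.$$"
    cp "$src" "$tmp" || return 1
    chmod 755 "$tmp" || { rm -f "$tmp"; return 1; }   # assumed mode for a shell
    mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 1; }
}

# Install candidate $1 over $2 only if it runs and passes the test.
# Returns 2 if the candidate cannot run, 3 if it is still vulnerable.
upgrade_shell() {
    new=$1
    target=$2
    "$new" -c 'exit 0' 2>/dev/null || { echo "candidate does not run: $new" >&2; return 2; }
    if is_vulnerable "$new"; then
        echo "candidate still vulnerable: $new" >&2
        return 3
    fi
    install_atomic "$new" "$target"
}

# Usage (hypothetical script name): sh upgrade_shell.sh ./bash /usr/bin/bash
if [ "$#" -eq 2 ]; then
    upgrade_shell "$1" "$2"
fi
```

On SELinux systems such as Fedora, run restorecon on the target afterwards so the new file gets the expected label.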