The following is from Stack Exchange; tested and confirmed working. Link: http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-the-remote-exploit-cve-2014-6271-and-cve-2014-7
The steps, copied over from there:
1. If you use Homebrew's bash
brew update
brew upgrade bash
2. If you use Apple's bundled bash
mkdir bash-fix
cd bash-fix
curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
cd bash-92/bash-3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
cd ..
xcodebuild
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
build/Release/bash --version # GNU bash, version 3.2.52(1)-release
build/Release/sh --version # GNU bash, version 3.2.52(1)-release
sudo cp build/Release/bash /bin
sudo cp build/Release/sh /bin
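Verify that it worked
Run
bash -version
If the output is
GNU bash, version 3.2.52(1)-release (x86_64-apple-darwin13)
the upgrade succeeded.
Run
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If the only output is
hello
the upgrade succeeded.
If the output is
vulnerable
hello
then hurry up and go fix it~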
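The same check applied to several shell binaries at once, for example the freshly built build/Release/bash and build/Release/sh before they are copied over /bin. This is an added example, not part of the original Stack Exchange answer; the function names and return codes are chosen here, and it covers only the CVE-2014-6271 probe shown above.

```shell
#!/bin/sh
# Added example: run the page's CVE-2014-6271 probe against each given binary.
# Return codes of shellshock_check (chosen for this example):
#   0 = not vulnerable, 1 = vulnerable, 2 = not executable, 3 = unexpected output

shellshock_check() {
    shell_path=$1
    [ -x "$shell_path" ] || return 2
    # Same probe as on the page: a patched bash does not run the command that
    # trails the function definition stored in the environment variable x.
    # stderr is dropped because a patched bash 3.2 may print import warnings.
    out=$(env x='() { :;}; echo vulnerable' "$shell_path" -c 'echo hello' 2>/dev/null) || true
    case $out in
        *vulnerable*) return 1 ;;
        hello)        return 0 ;;
        *)            return 3 ;;
    esac
}

shellshock_report() {
    # One status line per binary; returns 1 if any binary is vulnerable.
    rc=0
    for p in "$@"; do
        st=0
        shellshock_check "$p" || st=$?
        case $st in
            0) echo "ok          $p" ;;
            1) echo "VULNERABLE  $p"; rc=1 ;;
            2) echo "missing     $p" ;;
            *) echo "unknown     $p" ;;
        esac
    done
    return $rc
}

# Stand-alone use, e.g.:
#   sh check.sh /bin/bash /bin/sh build/Release/bash build/Release/sh
if [ "$#" -gt 0 ]; then
    shellshock_report "$@"
fi
```

The script exits non-zero when any listed binary still prints "vulnerable", so it can gate the final sudo cp steps.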