02 October
2014

bash 2.05b & 3.2 ビルド手順

make bash 2.05b and 3.2

■GNU bash, version 2.05b.0(1)-release (i686-pc-linux-gnu)
#
# test
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
#
# pre work
cd /usr/local/src
mkdir bash
chown .rescue bash
chmod 775 bash
su - rescue
cd /usr/local/src/bash
#
# download bin
wget http://ftp.gnu.org/gnu/bash/bash-2.05b.tar.gz
#
# download all patches
for i in $(seq -f "%03g" 1 10); do wget http://ftp.gnu.org/gnu/bash/bash-2.05b-patches/bash205b-$i; done
#
#
tar xzvf bash-2.05b.tar.gz
cd bash-2.05b
#
# apply all patches
for i in $(seq -f "%03g" 1 10); do patch -p0 < ../bash205b-$i; done
#
# build and install
./configure
make
exit
cd /usr/local/src/bash/bash-2.05b
make install
cd /bin
mv bash{,.NO-USE}
chmod 400 bash.NO-USE
ln -s /usr/local/bin/bash
bash --version
#
# test
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
#
#
■GNU bash, version 3.2.54(1)-release (i686-pc-linux-gnu)
yum install bison
cd /usr/local/src/bash/bash-3.2
#
# rescue@unchor:/usr/local/src/bash/bash-3.2$ cat Makefile| grep ^YACC
# YACC = bison -y
#
wget http://ftp.gnu.org/gnu/bash/bash-3.2.tar.gz
for i in $(seq -f "%03g" 1 54); do wget http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-$i; done
tar xzvf bash-3.2.tar.gz
cd bash-3.2
for i in $(seq -f "%03g" 1 54); do patch -p0 < ../bash32-$i; done
./configure
make
#
# replacement
exit
cd /usr/local/src/bash/bash-3.2
make install
cd /bin
mv bash{,.NO-USE}
chmod 400 bash.NO-USE
ln -s /usr/local/bin/bash
bash --version
#
# test
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"


Posted by unchor at 09:24 | Comments (0)
<< bash make 時に YACC error | Main | bash 2.05b & 3.2 ビルド手順(追記: CVE-2014-7186 / CVE-2014-7187) >>
Comments
Re: bash 2.05b & 3.2 ビルド手順

| cd /bin
| mv bash{,.NO-USE}
| chmod 400 bash.NO-USE
| ln -s /usr/local/bin/bash

/bin 以下に /usr 以下の symlink は愚かなことでし
た....

再起動すると /usr を mount する前に /bin が読ま
れるので bash が立ち上がらない、という恐ろしい自
体に。
↑まあ最近のものは / も /usr も同じ partition な
 のでそうそう大丈夫でしょうが。

Posted by: unchor at October 28,2015 01:24
Post a comment