The earlier Heartbleed bug affected only OpenSSL, the library that encrypts data in transit; that flaw let an attacker read private memory out of an affected server. This Shellshock bug, by contrast, is in Bash, the shell that Linux users and system administrators use every day, and many versions carry this remote code execution vulnerability (CVE-2014-6271).
If your web server, or anything it runs (a CGI script, for example), invokes the Bash shell, an attacker can get an attacker-controlled value such as an HTTP header into an environment variable. Bash imports any variable whose value begins with "() {" as a function, and a vulnerable Bash also executes whatever follows the closing brace, so the attacker gets remote code execution and access to data on the system.
How to test your system:
A system administrator can type the following command in a shell:
QUOTE:
env x='() { :;}; echo XD' bash -c "echo This is a test code"
If it prints "XD", you are vulnerable: patch now.
If instead it prints "bash: warning: x: ignoring function definition attempt", the shell is patched and you can log out.
Note that this command only exercises the original bug (CVE-2014-6271). The first upstream fix, bash 4.3.25, turned out to be incomplete and was followed by CVE-2014-7169 (fixed in 4.3.26) and further patches, so a clean result here does not prove that the later patch levels are installed; keep applying whatever patch level your package source offers.
Here is how to update on Mac OS X through Homebrew (brew). Apple later shipped its own fix, OS X bash Update 1.0; if that is available for your release, prefer it to replacing the system binaries by hand as described below.
QUOTE:
$ which bash
/bin/bash
$ /bin/bash --version
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.
The most current bash is 4.3.25
If you don't have Xcode installed, you'll need the Xcode command line tools, which can be installed by
QUOTE:
$ xcode-select --install
To update Brew:
QUOTE:
brew update
To get the latest bash 4.3.25:
QUOTE:
$ brew install bash
This installs bash into /usr/local/Cellar/bash/4.3.25/bin/bash
The old bash and sh still exist at /bin, so after installing you'll rename the old executables to new names.
QUOTE:
$ sudo mv /bin/bash /bin/bash_old
$ sudo mv /bin/sh /bin/sh_old
If you are very paranoid, you can remove execute permissions on the bash_old
QUOTE:
$ sudo chmod a-x /bin/bash_old /bin/sh_old
Then create a symbolic link to the new bash 4.3.25 that brew installed.
QUOTE:
$ sudo ln -s /usr/local/Cellar/bash/4.3.25/bin/bash /bin/bash
$ sudo ln -s /usr/local/Cellar/bash/4.3.25/bin/bash /bin/sh
That completes the update... now check it again. Two caveats on the steps above: between the "mv /bin/sh" and the "ln -s ... /bin/sh" there is a short window in which no /bin/sh exists, so anything that starts a script in that moment fails; and the links point at a versioned Cellar directory, so after a later "brew upgrade bash" (which you will need for the follow-up CVEs) that directory disappears once the old version is cleaned up and /bin/bash and /bin/sh would dangle. Linking to Homebrew's stable path /usr/local/bin/bash instead avoids that.
QUOTE:
$ bash --version
GNU bash, version 4.3.25(1)-release (x86_64-apple-darwin13.4.0)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Run it once more:
QUOTE:
$ env x='() { :;}; echo XD' bash -c "echo This is a test code"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
This is a test code
Finally done... that's a wrap!
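The check above, and the re-check after the update, as one script that probes every bash on the machine in turn. This is an added example, not code from this post or from the quoted Homebrew walkthrough. It uses the publicly documented probe strings for CVE-2014-6271 and its follow-up CVE-2014-7169, and assumes /bin/bash for the system shell and /usr/local/bin/bash for Homebrew's link; adjust those paths for your machine. It is written in POSIX sh rather than bash so that the shell running the probe is not itself the one under test.

```shell
#!/bin/sh
# Shellshock probe. Added example; not the post's or the gist's own code.
# Runs under POSIX sh so it can probe a bash that may itself be vulnerable.

# Print the version string of the bash binary at $1 (empty if it is absent).
bash_version() {
    "$1" -c 'printf "%s\n" "$BASH_VERSION"' 2>/dev/null
}

# CVE-2014-6271 (the original Shellshock): a vulnerable bash imports the
# variable x as a function and also runs the code after the closing brace.
# Prints "vulnerable", "patched" or "missing"; exit status 0 only if vulnerable.
shellshock_6271() {
    bin=$1
    command -v "$bin" >/dev/null 2>&1 || { echo missing; return 2; }
    # The marker reaches stdout only if the trailing "echo" actually ran.
    out=$(env x='() { :;}; echo SHELLSHOCK_MARKER' "$bin" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_MARKER*) echo vulnerable; return 0 ;;
        *)                   echo patched;    return 1 ;;
    esac
}

# CVE-2014-7169: the first fix (bash 4.3.25) left a parser bug. With the
# value below, a still-vulnerable bash parses the "-c" command as a redirect
# and creates a file named "echo" in the working directory. We run the probe
# in a scratch directory and look for that file instead of trusting output.
shellshock_7169() {
    bin=$1
    command -v "$bin" >/dev/null 2>&1 || { echo missing; return 2; }
    tmp=$(mktemp -d) || { echo error; return 2; }
    ( cd "$tmp" && env X='() { (a)=>\' "$bin" -c 'echo date' >/dev/null 2>&1 )
    if [ -e "$tmp/echo" ]; then r=vulnerable; rc=0; else r=patched; rc=1; fi
    rm -rf "$tmp"
    echo "$r"
    return $rc
}

# One line per binary, e.g. "/bin/bash 4.3.25(1)-release: 6271=patched 7169=vulnerable".
shellshock_report() {
    bin=$1
    printf '%s %s: 6271=%s 7169=%s\n' "$bin" "$(bash_version "$bin")" \
        "$(shellshock_6271 "$bin")" "$(shellshock_7169 "$bin")"
}

# Probe the system bash, Homebrew's bash (assumed paths) and whatever
# "bash" resolves to on PATH, since after the relinking they may differ.
for b in /bin/bash /usr/local/bin/bash bash; do
    shellshock_report "$b"
done
```

Run it before and after the update: a bash at exactly 4.3.25 should report 6271=patched but 7169=vulnerable, which is why the upgrade should not stop at that version.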
How to test and fix on Linux:
http://dz.adj.idv.tw/thread-148373-1-1.html