LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 10-08-2014, 05:56 PM   #31
gus3
Member
 
Registered: Jun 2014
Distribution: Slackware
Posts: 497

Rep: Reputation: Disabled

Dave Wheeler has an excellent, level-headed write-up here. One thing he points out, is that the bug was in there for 25 years(!) before it was caught. It's good that it was found and fixed, but the number of observed exploits in the wild over that time was essentially nil.

Another thing he points out, is that now more of the "incidental" code is going to get a lot closer scrutiny.
 
1 members found this post helpful.
Old 10-09-2014, 09:24 AM   #32
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,010

Rep: Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142
Quote:
Originally Posted by metaschima View Post
That's interesting, maybe submit it to the bash devs. The ability to turn off this useless feature would be most useful.
Nah, judging by what I've read on 'bug-bash' they simply wouldn't be open to the idea. Someone already suggested disabling the feature when bash was invoked as 'sh' and was met with a dismissive comment. As far as Chet is concerned shell-shock is fixed by the BASH_FUNC_ prefix, and while they're still finding and fixing parsing issues, they simply don't see function importing as a threat any more.

When I wrote that patch it was simply so I could do away with that horrid bash-wrapper I was using as a short term fix. Then I thought "Hmmm, I wonder how hard it would be to add a configure option", and the patch I posted above was the result of me finding out. it was never intended for upstream (it'd need some more work for that: update documentation, GNU code styling and so on), and as I said, above, there wouldn't be any point as they just wouldn't see a need for it anyway.

Medium term, I'm going to work towards moving away from bash as the system /bin/sh on my local boxes, which is not only about this function importing stuff, there are other reasons beyond that to do so.
 
Old 10-09-2014, 02:44 PM   #33
Loomx
Member
 
Registered: Sep 2012
Distribution: Slackware
Posts: 185

Rep: Reputation: Disabled
Quote:
Originally Posted by GazL View Post
Medium term, I'm going to work towards moving away from bash as the system /bin/sh on my local boxes, which is not only about this function importing stuff, there are other reasons beyond that to do so.
Keep us posted; I'm sure I'm not the only one who would be interested in your progress.
Others in the forum seem to have had success with ksh as /bin/sh; another option which I have used and liked in the past is mksh

Cheers
 
Old 10-10-2014, 01:31 AM   #34
Smokey_justme
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 534

Rep: Reputation: 203Reputation: 203Reputation: 203
Quote:
Originally Posted by GazL View Post
You know what they say... If you want something doing...

We've had a couple of rainy days here so I spent a little time coming up with a patch for bash to make it work the way I want it to. In short, I've added a new configure option that can be used to set whether function loading is done by default, and added command-line arguments to override whatever default you set on the configure.

On the off-chance that anyone is still interested, here are the patches to be used against the 4.3.27 in -current.

Full details are in the patchfile.
Hmmm... It seams that the FreeBSD guys already did something like this here.. You seem to have a different approach, but I like the 'no-import-functions' addition...
 
Old 10-10-2014, 08:32 AM   #35
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,010

Rep: Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142
Yep, I think the original idea came from one of the NetBSD guys, FreeBSD followed suit, and I wouldn't be at all surprised if OpenBSD haven't done something similar too.

I pretty much just did what they did, but I got a little carried away and wrapped it all in configure options.

The problem with --no-import-functions is that it doesn't protect you from calls to system() or popen() or any other call to bash that won't specify it. It might be useful on the #! line of CGI scripts: though anyone in their right mind shouldn't be writing CGI in bash or any other shell script in the first place, so its probably of limited value.

As I said in one of the posts above, mostly it was just to see if I could do it.
 
Old 10-10-2014, 09:37 AM   #36
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 492Reputation: 492Reputation: 492Reputation: 492Reputation: 492
I think the BSD guys actually care about security, I mean look at this bash issue, libressl, and the handling of the kernel breach (much better than Linux did).

I think I'll dual boot FreeBSD for a while.
 
Old 10-10-2014, 06:35 PM   #37
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,223

Rep: Reputation: 195Reputation: 195
Quote:
Originally Posted by metaschima View Post
I think the BSD guys actually care about security, I mean look at this bash issue, libressl, and the handling of the kernel breach (much better than Linux did).

I think I'll dual boot FreeBSD for a while.
Go for OpenBSD then.
 
Old 10-27-2014, 05:04 AM   #38
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,010

Rep: Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142
Quote:
Originally Posted by Loomx View Post
Keep us posted; I'm sure I'm not the only one who would be interested in your progress.
Others in the forum seem to have had success with ksh as /bin/sh; another option which I have used and liked in the past is mksh

Cheers
I hit a couple of problems using the AT&T ksh that slackware ships. Though it has many of the features that bash has, there are some differences:

Unlike bash, "eval" seems to work argument by argument in ksh, so that:
Code:
eval LUKSARRAY=( $line )
needs to be written as:
Code:
eval "LUKSARRAY=( $line )"
or you get a syntax error. This is in rc.S in the cryptsetup handling. Luckily using the quotes doesn't break bash, so quote it and it'll work in both shells, but its a difference non the less. Anyway, I've since rewritten that part of rc.S, so that doesn't really concern me, but the same issue could turn up in other scripts.


A second issue I discovered in AT&T ksh, is that it seems to break installpkg! Now, this one is odd, as it seems to be intermittent, but more often breaks than works. In /sbin/installpkg there is this section of code:
Code:
  # Test tarball integrity and get uncompressed package size:
  if [ "$MODE" = "install" ]; then
    echo "Verifying package $(basename $package)."
  fi
  cat $package | $packagecompression -dc | dd 2> $TMP/tmpsize$$ | $TAR tf - 1> $TMP/tmplist$$ 2> /dev/null
  TARERROR=$?
  if [ ! "$TARERROR" = "0" ]; then
    EXITSTATUS=1 # tar file corrupt
    if [ "$MODE" = "install" ]; then
      echo "Unable to install $package:  tar archive is corrupt (tar returned error code $TARERROR)"
    fi
    rm -f $TMP/tmplist$$ $TMP/tmpsize$$
    continue
  fi
  UNCOMPRESSED="$(expr $(cat $TMP/tmpsize$$ | head -n 1 | cut -f 1 -d +) / 2)"
  if [ $UNCOMPRESSED -lt 1024 ]; then
    UNCOMPRESSED="${UNCOMPRESSED}K"
  elif [ $UNCOMPRESSED -lt 10239 ]; then
    UNCOMPRESSED="$(expr $UNCOMPRESSED \* 1000 / 1024 | cut -b1).$(expr $UNCOMPRESSED \* 1000 / 1024 | cut -b2)M"
  else
    UNCOMPRESSED="$(expr $UNCOMPRESSED / 1024)M"
  fi
  rm -f $TMP/tmpsize$$
What seems to happen is that the tmpsize$$ file is left empty, which then means that UNCOMPRESSED is left empty, which causes a syntax error in the test. But, it occasionally works, and I haven't been able to determine why.

A final issue with ksh stems from its default aliases, specifically 'stop' which unfortunately seems to be a fairly common function name in many scripts and will result in ksh trying to run a kill command rather than the intended function.


mksh looks interesting and will be something I'm going to be looking at, though I've not been playing with it long enough to get a feel for how well it works. It does have a much smaller memory footprint that bash, which is nice.


Anyway, that's what I've discovered so far.
 
1 members found this post helpful.
Old 10-27-2014, 11:39 AM   #39
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 492Reputation: 492Reputation: 492Reputation: 492Reputation: 492
Yeah, I've also noticed that installpkg and upgradepkg aren't safe to switch to ksh, like you said they work sometimes but not other times.
 
Old 10-28-2014, 01:38 AM   #40
drmozes
Slackware Contributor
 
Registered: Apr 2008
Distribution: Slackware
Posts: 1,595

Rep: Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339Reputation: 1339
Quote:
Originally Posted by metaschima View Post
Yeah, I've also noticed that installpkg and upgradepkg aren't safe to switch to ksh, like you said they work sometimes but not other times.
Why would you want to switch the package tools to use Ksh? I don't see the reason for this. What attack vector is there?
 
Old 10-28-2014, 05:27 AM   #41
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,010

Rep: Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142
Quote:
Originally Posted by drmozes View Post
Why would you want to switch the package tools to use Ksh? I don't see the reason for this.
There's no reason at-all to use ksh for pkgtools, you're kind of missing the point. I was just using ksh because it was installed. The goal of my experiment was to identify issues that occur when I change /bin/sh to any shell other than bash, and the pkgtools just happen to specify #!/bin/sh and so were impacted. I started with ash first, and then moved onto ksh because it was already installed. Next on my list is mksh.

Ideally I'd like to be able to have the system be agnostic with regard to what provides /bin/sh, but I accept that this may be too problematic given the amount of scripts out there that just assume bash. Dismiss it as scratching an itch if you want, but I don't see what's so wrong with having a go and seeing what happens!

I was surprised by this particular issue with installpkg given that I believe the pkgtools are designed to be usable with 'ash' and as such I wasn't expecting any problems. Given the intermittent nature of the problem, I suspect its some sort of race condition/bug in ksh rather than any problem with the installpkg script itself, which seems to be in keeping with POSIX and seems to work fine with any other shell, including mksh (which I tested briefly).

Last edited by GazL; 10-28-2014 at 05:42 AM.
 
Old 10-28-2014, 05:48 AM   #42
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-15.0
Posts: 11,167

Rep: Reputation: Disabled
...And those of us who use KornShell rather than BASH can change the shebang of the scripts in concern, one way or another.

I didn't try but other than just editing each involved script, that could be replacing the symlink /bin/sh with a script that chooses a different shell in the few cases it's needed.

PS I should have tried... "Bad interpreter", of course.

I know that I should think before I type, and check before I post, but sometimes I forget. Sorry for the noise.

Last edited by Didier Spaier; 10-28-2014 at 06:05 AM. Reason: PS added.
 
Old 10-29-2014, 06:38 AM   #43
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065
I'm getting to where I've got some time to fiddle around and see what I can break.

I'm going to do a clean install (Slackware 64-bit, 14.1) then change the /bin/sh symbolic link from bash to ksh. Then I'm going to install all the patches and see what happens (if anything).

As I understand it, BASH or KornShell when executed as sh are supposed to magically become only Bourne Shell (with no "extras") and it might be interesting to see if that's actually completely true. The #!/bin/sh should execute any of the Bourne compatible shells as sh (just as #!/bin/ksh or #!/bin/bash should execute as either of those).

If stuff works, I'll start adding data bases and a couple of applications (like, oh, say, OpenOffice) and see what happens (shouldn't be anything happening in those cases, they're not shell programs).

I kind of suspect that linking /bin/ksh to /bin/sh won't do much of anything and I won't be changing anything that explicitly has the BASH shebang embedded (that would be an actual BASH shell program and I'll just leave that alone for the moment). I have done a little bit of fiddling around with BASH programs, running them as KornShell, and mostly they just work (the grammar and syntax are pretty much the same for most stuff but not for the exotic BASHisms).

This might just be an interesting exercise in futility, eh?
 
Old 10-29-2014, 07:02 AM   #44
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,010

Rep: Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142Reputation: 5142
Quote:
Originally Posted by tronayne View Post
As I understand it, BASH or KornShell when executed as sh are supposed to magically become only Bourne Shell (with no "extras") and it might be interesting to see if that's actually completely true.
It's not. While running bash as 'sh' (or with --posix or POSIXLY_CORRECT=y ) does change some of its behaviours to be more in keeping with the POSIX standard, it doesn't disable any of its extensions. A shell can be POSIX compliant while still providing extensions, but a shell-script isn't POSIX compliant if it uses any of them.
 
1 members found this post helpful.
Old 10-29-2014, 10:28 AM   #45
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065Reputation: 1065
Quote:
Originally Posted by GazL View Post
It's not. While running bash as 'sh' (or with --posix or POSIXLY_CORRECT=y ) does change some of its behaviours to be more in keeping with the POSIX standard, it doesn't disable any of its extensions. A shell can be POSIX compliant while still providing extensions, but a shell-script isn't POSIX compliant if it uses any of them.
Well, alrighty then, that puts the kibosh on that. Bah, humbug.

Looks to me like my choice is to stick with KornShell for all shell programming (which is what I do anyway) and hope that system BASH shell programs don't carry ebola along with 'em.

Hobson's choice.
 
  


Reply

Tags
bash, exploit, security, shell shock, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Deconstructing the open cloud, the OpenStack Trove roadmap, and more LXer Syndicated Linux News 0 09-08-2014 05:21 PM
ssh from solaris 9 with a bash shell of 2.0 to suse 3.2 bash shell slufoot80 Solaris / OpenSolaris 3 09-19-2012 03:06 PM
ssh from solaris 9 with a bash shell of 2.0 to suse 3.2 bash shell slufoot80 Solaris / OpenSolaris 1 09-19-2012 01:19 PM
LXer: Deconstructing Nautilus and rebuilding it better LXer Syndicated Linux News 1 03-17-2010 07:01 PM
LXer: Deconstructing Nautilus and rebuilding it better LXer Syndicated Linux News 0 03-17-2010 03:11 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 09:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration