• Starting today August 7th, 2024, in order to post in the Married Couples, Courting Couples, or Singles forums, you will not be allowed to post if you have your Marital status designated as private. Announcements will be made in the respective forums as well but please note that if yours is currently listed as Private, you will need to submit a ticket in the Support Area to have yours changed.

  • CF has always been a site that welcomes people from different backgrounds and beliefs to participate in discussion and even debate. That is the nature of its ministry. In view of recent events emotions are running very high. We need to remind people of some basic principles in debating on this site. We need to be civil when we express differences in opinion. No personal attacks. Avoid you, your statements. Don't characterize an entire political party with comparisons to Fascism or Communism or other extreme movements that committed atrocities. CF is not the place for broad brush or blanket statements about groups and political parties. Put the broad brushes and blankets away when you come to CF, better yet, put them in the incinerator. Debate had no place for them. We need to remember that people that commit acts of violence represent themselves or a small extreme faction.
  • We hope the site problems here are now solved, however, if you still have any issues, please start a ticket in Contact Us

  • The rule regarding AI content has been updated. The rule now rules as follows:

    Be sure to credit AI when copying and pasting AI sources. Link to the site of the AI search, just like linking to an article.

Bash Bug/Shellshock

MrJim

Legend 3/17/05
Mar 17, 2005
16,491
1,369
FEMA Region III
✟59,025.00
Gender
Male
Faith
Christian
Marital Status
Married
Anyone losing sleep on this one?:waaah:

By now you have heard about a new bug in one of the most popular Unix shell programs, the Bourne-again Shell, or bash. If you run Mac OSX you probably have used bash, it is the default terminal app. Shellshock is a “bug” in the way Heartbleed is a “bug.” A mistake in implementing code. Shellshock allows anyone (or anything) that has shell access to execute arbitrary code.


ShellShock Bug In Bash Could Spawn Worm - Forbes
 

Qyöt27

AMV Editor At Large
Apr 2, 2004
7,879
573
40
St. Petersburg, Florida
✟96,859.00
Faith
Methodist
Marital Status
Single
Politics
US-Others
There still has to be a certain point-of-access, and as always, protecting oneself is a matter of performing regular updates. Even though Debian and Ubuntu use Dash for general script execution (and this reduces their vulnerability to Shellshock*, although they've used Dash for years just because it's faster), there was an update that came through the pipeline last night for bash, I assume in the effort to begin tackling this.

The overall scenario seems to be mostly of concern for those who do operations with external services - SSH, Apache servers, etc. While Apple will eventually get OSX's default version of bash patched, in general it's better to switch bash's update path to the builds provided by Homebrew. Mainly because Apple ships OSX with bash 3.2 (with minimal backported patches, which is where the fix will come), while Homebrew provides the latest stable version (currently 4.3, plus the regular urgent security patches and bugfixes any normal repo system will update their builds for). For reference, bash 3.2 was released in 2006, and stopping getting regular patches after November of 2008, and had no patches from March 17th, 2010 until 2 days ago, when the news of this broke. 4.3 was released as stable 7 months ago, and is still being regularly updated, because it's the current version.

*Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open ? The Register
Ubuntu and other Debian-derived systems that use Dash exclusively are not at risk – Dash isn't vulnerable, but busted versions of Bash may well be present on the systems anyway. It's essential you check the shell interpreters you're using, and any Bash packages you have installed, and patch if necessary.



As long as the user already has Homebrew installed, it's possible to switch bash over to Homebrew's by doing the following:
Code:
# Install bash 4.3 from Homebrew:
brew install bash

# Change the permissible login shell to Homebrew's build of bash:
sudo open -a TextEdit.app /etc/shells

# Change '/bin/bash' to '/usr/local/bin/bash', save, and exit TextEdit.

# Force the old version of bash out of the execution path for the Terminal by renaming it:
sudo mv /bin/bash /bin/bashold

# Symlink Homebrew's to /bin/bash so that existing shell scripts still work:
sudo ln -s /usr/local/bin/bash /bin/bash
That will make it to where only Homebrew's is seen when the user types in 'bash', and the Terminal will use it instead of the default one. You can see this by typing in 'bash --version' and looking at the readout. You may need to close and re-open the Terminal to get it fully refreshed. Generally, I'd trust Homebrew to get any patches and updates out faster than Apple would anyway, and this makes it simple to do so.

And yes, Homebrew's version of bash is 4.3.26, meaning it has all of the current patches applied. It actually updated to .26 while I was in the process of writing up that set of instructions. I'd installed it a couple minutes earlier, as .25, and voila, an update came down before I logged off, the same day as the .26 patch was uploaded to the GNU mirror linked to above.
 
Last edited:
Upvote 0

Sketcher

Born Imperishable
Feb 23, 2004
39,053
9,491
✟428,891.00
Faith
Non-Denom
Marital Status
Single
Politics
US-Republican
Upvote 0
Feb 2, 2013
3,492
111
✟34,178.00
Faith
Humanist
Marital Status
Private
Time for Windows users to gloat.

haha-no.gif


:p:p
 
Upvote 0

Sketcher

Born Imperishable
Feb 23, 2004
39,053
9,491
✟428,891.00
Faith
Non-Denom
Marital Status
Single
Politics
US-Republican
He's trying to imply that Windows users should gloat in the fact that Windows is unaffected by the bash security flaw, when in reality the security of Windows pales in comparison to the security of Linux.
I know this. I don't think he does.
 
Upvote 0

lesliedellow

Member
Sep 20, 2010
9,654
2,582
United Kingdom
Visit site
✟119,577.00
Faith
Calvinist
Marital Status
Single
Politics
UK-Liberal-Democrats
About what exactly? I also use Windows.

Linux users are always on about how "secure" Linux is, and how "insecure" Windows is. What they really mean is that virus writers mostly don't bother themselves with something which has only around 3% of the market.
 
Upvote 0

EphesiaNZ

It's me! Who else could it be...
Apr 19, 2011
5,471
453
New Zealand
✟30,297.00
Gender
Male
Faith
Christian
Marital Status
Married
Linux users are always on about how "secure" Linux is, and how "insecure" Windows is.

Nothing is secure but the above quote holds fairly true.

What they really mean is that virus writers mostly don't bother themselves with something which has only around 3% of the market.

It's called security by obscurity. Long may it continue. :)

Fact: 95% of the worlds super computers run Linux.

Fact: Linux dominates totally in data centers across the world.

Fact: Windows still dominates the desktop but the desktop market is a shadow of its former self.

Fact: The following link shows how Linux has failed (NOT) in the mobile space,

https://en.wikipedia.org/wiki/Linux_adoption#mediaviewer/File:World_Wide_Smartphone_Sales.png

Fact: Windows only claim to fame (usage) is now the dwindling desktop market. In all other categories it is pretty much a minor player.

If you look at the total device market share worldwide, you will see that 3% is a rather low figure. Maybe multiply that figure by 20 and that might reflect the true picture.
 
Upvote 0
Feb 2, 2013
3,492
111
✟34,178.00
Faith
Humanist
Marital Status
Private
If you look at the total device market share worldwide, you will see that 3% is a rather low figure. Maybe multiply that figure by 20 and that might reflect the true picture.

Yep, since Android devices run the Linux kernel and make up 47% of the mobile market [source] and Linux runs over half of the world's webservers [source], I'd say it has done pretty well.

Linus Torvalds explaining why Linux is successful in mobile and server spheres but isn't successful on the desktop:

Q&A session with Linus Torvalds: Why is Linux not competitive on desktop? - YouTube
 
Upvote 0

Sketcher

Born Imperishable
Feb 23, 2004
39,053
9,491
✟428,891.00
Faith
Non-Denom
Marital Status
Single
Politics
US-Republican
Linux users are always on about how "secure" Linux is, and how "insecure" Windows is. What they really mean is that virus writers mostly don't bother themselves with something which has only around 3% of the market.

And they know the benefits of only installing software through trusted repositories, as well as the speed at which the open source community is able to patch flaws, and the user account model that Linux uses. I have run into accounts that were hacked for months on end due to flaws in installed web apps, but the server itself was not compromised - the infection was locked into those accounts, and those accounts only. What is the earliest version of Windows where this has been known to happen?
 
Upvote 0