Questions about bash only, as opposed to other Bourne/POSIX shells. For all Bourne/POSIX-style shells, use the /shell tag instead.
2
votes
1answer
25 views
How to pass environment variables to a non-interactive shell (with example)?
In a sh script another sh script is started with su -l <user> -c /path/to/script.sh. As far as I understood script.sh will be run in a non-interactive shell. The official documentation tries to ...
0
votes
0answers
68 views
shellshock solution for nexenta/solaris
I'm trying to solve the shellshock issue on my system:
SunOS localhost 5.11 NexentaOS_134f i86pc i386 i86pc Solaris
# bash --version
GNU bash, version 3.2.48(1)-release (i386-pc-solaris2.11)
...
0
votes
1answer
37 views
SSH to a server, execute update command that continues even after logging off the ssh session
Okay I saw a lot of questions like this, but almost all have either theoretical answers which do clear the concept but I am still not able to put it up in code.
What I want to achieve using a bash ...
1
vote
1answer
27 views
How to prevent screen from terminating once process ends
I'm launching a process in a named screen like:
screen -dmS myscreen bash -c "export VAR=123; cd /usr/local/myproject; ./myscript.py"
However, after a few minutes, my script crashes and when it ...
0
votes
0answers
19 views
Redirect a directory as input to a script and output to a file
I want to use a directory name as a parameter for a pre-made script. Then the output goes into a newly made file in the home directory. It involves pipe/redirection. How do I do that?
read dir
$dir ...
0
votes
0answers
53 views
Which component does depend on “importing shell functions from environment variables” feature? [on hold]
This is my first question. Which component does rely on the bash feature "importing functions from environment variables"? (Let me call it "BASH_FUNC import" feature here). I want to know "actual ...
0
votes
0answers
12 views
Why is the ability to specify functions in environment variables that have a higher precedence than binaries in PATH not a vulnerability? [duplicate]
So, Shellshock for me has brought to light the ability to put function definitions in environment variables in the first place, and I'm wondering why this isn't also considered a vulnerability in ...
1
vote
3answers
49 views
Input two numbers and add them when “a” is typed, subtract when “s” is typed
So I'm having a little trouble with this code. When i try to execute I get the message
line 12: 0: command not found
#!/bin/bash
let results=0;
echo "First number please"
read num1
echo ...
7
votes
2answers
134 views
Why is a variable visible in a subshell?
The Learning Bash Book mentions that a subshell will inherit only environment variables and file descriptors, etc., and that it will not inherit variables that are not exported:
$ var=15
$ (echo ...
4
votes
1answer
90 views
Why does bash even parse/run stuff put in the environment variable?
The shellshock bug in bash works by way of environment variables.
Honestly I was suprised by the fact that there is such a feature like:
"passing on of function definitions via env vars"
Therefore ...
2
votes
2answers
25 views
Non-printing escape sequence: when?
Recently, I have been playing around a lot with color in the terminal and, therefore, with escape sequences, too. I've read the relevant parts of the Bash manpage along with numerous helpful pages on ...
2
votes
2answers
35 views
echo test | stty -echo -> stty: standard input: Inappropriate ioctl for device
I was playing with a perl script that takes user input with the following:
system( qw( stty -echo ) );
$? == 0 or die "Error unable to disable character printing.\n";
print "$prompt: ";
my $input = ...
0
votes
1answer
21 views
Using $BASHPID in grep statement
I'm trying to exclude the PID of the subshell from the results returned by pgrep. Note that the name of the file is the same as the name passed to pgrep. Why does setting a variable equal to BASHPID ...
0
votes
2answers
1k views
bash vulnerability CVE-2014-6271 (Shellshock) fix on debian squeeze [duplicate]
I upgraded my old squeeze server, but still the vulnerability seems to be there:
$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
vulnerable
hello
How do I upgrade bash to a newer version ...
1
vote
2answers
423 views
Do I have to reboot after updating bash to avoid shellshock?
I've updated my systems to the latest versions of bash (Fedora: bash-4.2.48-2.fc19.x86_64 and CentOS: bash-4.1.2-15.el6_5.2.x86_64)
Is merely updating enough to avoid the exploit or do I need to then ...
3
votes
1answer
277 views
Legacy Debian versions and bash shell shock
We are running Debian Etch, Lenny and Squeeze because upgrades have never been done in this shop; we have over 150 systems running various Debian versions. In light of the "shell shock" of this ...
5
votes
4answers
196 views
Is there a difference between read, head -1, and sed 1q?
The following commands seem to be roughly equivalent:
read varname
varname=$(head -1)
varname=$(sed 1q)
One difference is that read is a shell builtin while head and sed aren't.
Besides that, is ...
6
votes
2answers
81 views
Why is the ability to definine functions in an enviromental variable not a security risk in itself?
As I understand it, generally it is considered safe to let anyone provide information that will be stored in an environmental variable. The shellshock vulnerability is an issue here because it means ...
14
votes
4answers
870 views
Do we have more history for cd?
cd - can move to the last visited directory. Can we visit more history other than the last one?
1
vote
1answer
25 views
www server restart after upgrading bash regarding the shell shock bug?
If a webserver uses CGI with bash, does it calls bash every time when there is a request regarding CGI or does it caches (bash and related libraries) it when starting the webserver?
Q: So is a ...
-2
votes
0answers
24 views
When is ldconfig needed after upgrading because of the bash shell shock? [on hold]
Exactly when do I have to run an:
ldconfig
After I upgraded the bash package because of the "shell shock" bug?
2
votes
4answers
41 views
Bash - How do I loop through subdirectories and extract the files
I have a directory called 10K_TIF (main directory). Within this main directory are multiple sub-directories each containing tif images. I want to read each TIF image and extract its path using a bash ...
5
votes
3answers
695 views
Shellshock: Why this error when testing for vulnerability
I am using Fedora 20 on two machines.
Having read about the Shellshock vulnerability, just now at 1100ish UTC on September 26th 2014, in UK, after a yum update bash to protect against it, I tried ...
4
votes
2answers
55 views
How to capture ordered STDOUT/STDERR and add timestamp/prefixes?
I have explored almost all available similar questions, to no avail.
Let me describe the problem in detail:
I run some unattended scripts and these can produce standard output and standard error ...
2
votes
2answers
120 views
Correct way to find this (shellshock patch) package?
I was out to patch some squeeze servers for the shellshock bug.
A few googles later I found that I could updated my apt sources list. This did however not work for some reason.
I tried to search for ...
0
votes
1answer
27 views
Bash crashes when running common commands [on hold]
Open Bash, run Top, and about 1/3 times, bash just closes. The other 2/3 times, it runs properly. The same thing occurs with other commands like "clear" or "/sbin/ifconfig"
Any ideas what may be ...
4
votes
3answers
42 views
How to convert an unsigned decimal (less than 1<<32) to 4 bytes (binary) in bash?
Example:
$ decimal=$(( RANDOM << 17 | RANDOM << 2 | RANDOM >> 13 ))
$ echo $decimal
$ printf "%016x" $decimal | xxd -r -p >bytes
The result is in bytes file.
Can it be done ...
2
votes
2answers
29 views
Interacting with a running interactive console program from a different process
I have a console program with an interactive shell, similar to say, the Python interactive shell. Is there an easy way to start this interactive program A and then use another program B to run A? I ...
-1
votes
0answers
30 views
Latest Bash shell hack [duplicate]
What is all this recent fuss about Bash being vulnerable? I read that it is somehow related to environment variables but could not get a hold of it.
Can someone explain this vulnerability to me?
1
vote
3answers
43 views
Modify some files to add the file name
I have a bunch of text (hundreds of txt) inside a directory. Each of them has a unique filename. I want to insert filename of each file into the first line of respective files. How can I do that using ...
2
votes
2answers
56 views
Interactive multiple choice in a bash script
Is there a simple way to let the user interactively choose one of the lines of the
output of lsblk -f?
NAME FSTYPE LABEL MOUNTPOINT
sda
├─sda1 ntfs WINRE_DRV
...
0
votes
0answers
21 views
Can't set PATH with a script [duplicate]
I have written a script which was supposed to add some value to environmental variable PATH, but script doesn't do that if I start it with ./script.sh.
#! /bin/bash
INSTALLDIR="/opt/ARM"
...
0
votes
3answers
34 views
Bash Combine Replacement and Sub String Extraction in One Step
For a string in this format:
./my-site.sub.domain.com
I would like to remove the .,-, and /, and trim the remainder to 16 characters: mysitesubdomainc
I've done this
...
1
vote
1answer
23 views
help organizing ssh aliases
My .ssh/config is starting to grow with aliases, and remembering them all is getting harder.
Do you have any tips for better manage this growing collection?
For example an autocomplete when I type ...
1
vote
1answer
41 views
/bin/sh: error importing function definition for `some-function'
I encountered this error when updating bash for the CVE-2014-6271 security issue:
# yum update bash
Running transaction (shutdown inhibited)
Updating : bash-4.2.47-4.fc20.x86_64
/bin/sh: error ...
2
votes
0answers
182 views
How to test shellshock against remote machine using a simple script [on hold]
I am interested in testing for shellshock vulnerable machines that I don't have shell access to on my LAN's and WAN's such as IPMI cards and Internet of things devices. What is the best way to ...
3
votes
2answers
32 views
Parenthesis works in bash shell itself, but not in bash script
As the title says, I can run this command from my command line prompt:
cp -r folder/!(exclude-me) ./
To recursively copy all contents of folder except for the subdirectory named exclude-me into the ...
1
vote
0answers
18 views
Maintain screen session when executing shell script on boot
On Ubuntu 14.04, I have a crontab entry set to run on reboot:
@reboot /root/start_server.sh
And here's start_server.sh:
screen -dmS server bash -c "cd server ; ./run.sh"
When the system starts ...
0
votes
0answers
14 views
Ubuntu 14.04 HDMI UDev Script
I have tried multiple variations to this script but I cannot get it to work. The UDEV Rule fires the script and the script exectutes but simply does not change the audio profile.
If I run the script ...
3
votes
5answers
76 views
How can I cd from parent1/suba/subb to parent2/suba/subb without listing subdirectories?
I have multiple parent directories with the same file structure beneath them.
Example:
parent1/suba/subb/
parent2/suba/subb/
When I am in parent1/suba/subb, I would like to change to ...
1
vote
2answers
149 views
How does the latest “Bash Bug” or exploit affect systems that require authentication?
I'm curious to know how the latest Bash Bug affects systems that require a user login to access the shell.
Isn't UNIX/Linux usually configured in a way that you have to be an authenticated user to ...
5
votes
1answer
3k views
How to apply the fix for CVE-2014-6271 bash vulnerability on cygwin?
I would like to find out how do I apply the fix for this vulnerability on cygwin.
I am running the CYGWIN_NT-6.1 MYHOSTNAME 1.7.30(0.272/5/3) 2014-05-23 10:36 x86_64 Cygwin of cygwin on Windows 7.
...
41
votes
3answers
17k views
how can shellshock be exploited over SSH?
Apparently, the shellshock Bash exploit CVE-2014-6271 can be exploited over the network via SSH. I can imagine how the exploit would work via Apache/CGI, but I cannot imagine how that would work over ...
7
votes
1answer
4k views
What is the severity of the new bash exploit (shellshock)? [duplicate]
Alternate title: Should I be worried?
I've been reading up about the remote bash exploit and was wondering how severe it is and if I should be worried, especially since a new exploit has been found ...
7
votes
1answer
708 views
How does `env X='() { (a)=>\' sh -c “echo date”` work?
After reading about the latest bash vulnerability, I was wondering how Tavis Ormandy's exploit works. How does (a)=>\ work?
He posted:
The bash patch seems incomplete to me, function parsing ...
6
votes
4answers
11k views
How to only install security updates on debian
Because of the Shell Shock bug I need to make updates on some of our machines.
But I am not sure if all of the packages suggested in apt-get upgrade are OK for my system. In other words I am not sure ...
4
votes
3answers
3k views
CVE-2014-6271 Bash Vulnerability example [duplicate]
I am trying to understand what could be the security concern of CVE-2014-6271 and all the links I see just gives me the below command.
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
...
74
votes
2answers
11k views
When was the shellshock (CVE-2014-6271/7169) bug introduced, and what is the patch that fully fixes it?
Some context about the bug: CVE-2014-6271
Bash supports exporting not just shell variables, but also shell
functions to other bash instances, via the process environment to
(indirect) child ...
139
votes
5answers
48k views
What does env x='() { :;}; command' bash do and why is it insecure?
There is apparently a vulnerability (CVE-2014-6271) in bash: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
I am trying to figure out ...
2
votes
4answers
121 views
Remove all comments from a file?
I have a file with a few lines commented out:
foo
bar
stuff
#Do not show this...
morestuff
evenmorestuff#Or this
I just want to print all the uncommented code:
foo
bar
stuff
morestuff
...
