[root@localhost bash-4.3.30]# cat Makefile |grep prefix
prefix = /usr/local
exec_prefix = ${prefix}
datarootdir = ${prefix}/share
bindir = ${exec_prefix}/bin
libdir = ${exec_prefix}/lib
includedir = ${prefix}/include
prefix=${prefix} exec_prefix=${exec_prefix} \
[root@localhost bash-4.3.30]# whereis bash
bash: /usr/bin/bash /usr/local/bin/bash /usr/share/man/man1/bash.1.gz
[root@localhost bash-4.3.30]# /usr/bin/bas
base64 basename bash bashbug bashbug-32
[root@localhost bash-4.3.30]# /usr/bin/bash --version
GNU bash, version 4.2.45(1)-release (i686-redhat-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
[root@localhost bash-4.3.30]# /usr/local/bin/bash --version
GNU bash, version 4.3.30(1)-release (i686-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
[root@localhost bash-4.3.30]#
庫文件查詢
[root@localhost bash-4.3.30]# ldd bash
linux-gate.so.1 => (0xb779a000)
libtinfo.so.5 => /lib/libtinfo.so.5 (0x4e41c000)
libdl.so.2 => /lib/libdl.so.2 (0x4c65c000)
libc.so.6 => /lib/libc.so.6 (0x4c49c000)
/lib/ld-linux.so.2 (0x4c473000)
[root@localhost bash-4.3.30]#
[root@localhost shell_up_zhb]# chsh -l
/bin/sh
/bin/bash
/sbin/nologin
/usr/bin/sh
/usr/bin/bash
/usr/sbin/nologin
[root@localhost shell_up_zhb]# lsof /bin/sh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 8522 root txt REG 253,1 917564 11014242 /usr/bin/bash
[root@localhost shell_up_zhb]# lsof /bin/bash
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 8522 root txt REG 253,1 917564 11014242 /usr/bin/bash
sh 8914 root txt REG 253,1 917564 11014242 /usr/bin/bash
[root@localhost shell_up_zhb]#
1 之前的思路是拷貝升級後的可執行文件、庫、配置文件(如果有);一開始按此思路升級,結果失敗,而且無法登錄。
2 後來發現chsh命令可以設置登錄時使用的sh,考慮先升級登錄後的sh,開機使用另外一個,升級成功後再切換過來升級另外一個。後來發現,系統實際上只用一個sh,此思路不對
3 bash升級只是爲了修補心血漏洞(按下面的測試語句看,應是 bash 的 Shellshock「破殼」漏洞;「心臟出血」Heartbleed 是 OpenSSL 的漏洞,與 bash 無關),估計只需升級可執行文件即可。通過lsof發現,實際上使用的是/usr/bin/sh的shell,/bin/sh實際上是鏈接,那就只拷貝/usr/bin/sh,/usr/bin/bash,拷貝時發現文件正在使用,那就先複製再拷貝。
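4 拷貝成功後,用測試例子試一下,發現可以:輸出 vulnerable 說明該 bash 仍會執行環境變量中函數定義之後的命令(未修補),只輸出 this is a test 則說明已修補。此測試只覆蓋最初公開的那一種觸發方式,升級後還應以 bash --version 確認版本與補丁級別。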
[NTP-Fedora20 shell_up_zhb]#env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
[NTP-Fedora20 shell_up_zhb]#env x='() { :;}; echo vulnerable' ./bash -c "echo this is a test"
this is a test
5 reboot發現成功