Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 17 Aug 2019, 13:17
All times are UTC - 4
 Forum index » Off-Topic Area » Security
BASH advice for the ordinary user
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [20 Posts]   Goto page: 1, 2 Next
Author Message
Kester
Guest


PostPosted: Sun 28 Sep 2014, 06:12    Post subject:  BASH advice for the ordinary user
Subject description: Seeking advice on behalf of less experienced Puppy users
 

Hi,

Having looked at the threads relating to the bash problem, I feel I need advice which is set out in fairly simple terms and I am sure there are many other Puppy users in a similar position who find the discussions in the other threads a little difficult to follow. With this in mind, I am starting this thread for the less knowledgeable Puppy users, like me, to pose their questions in the hope that the forum's experts will kindly give their advice in clear and easy to follow language.

I am running a frugal installation of Puppy Precise 5.7.1 in a dual boot arrangement with Windows XP Pro on a desktop computer. In Puppy, my main browser is Firefox 33.0, and email client is Thunderbird 31.1.2 - I also have SeaMonkey 2.1.9 which I have kept because it appears to be required to run CUPS but I do not use it as a browser or email client.

PPM advises that i have 'bash-4.1-x86' installed but a file search reveals a pet package 'bash_DOC-4.3-p25-i486-dpup487.pet' in the /root directory - I believe that this is something I recently downloaded - I did uninstall any bash items I have recently downloaded and installed in order to go back to square one and it seems to be one of those items which I failed to remove after uninstallation.

Sorry about the introductory waffle but I needed to explain my position. Now I need to know, in simple terms please, what action is advisable for me to take regarding bash and where I get any necessary downloads to install. Doubtlessly I will have follow-up questions but this is a starter.

Thank you.
Back to top
dejan555


Joined: 30 Nov 2008
Posts: 2807
Location: Montenegro

PostPosted: Sun 28 Sep 2014, 06:57    Post subject:  

Latest bash packages:
bash-4.3.30-1.pet for Carolina 1.2 by Geoffrey link
bash-4.3.30-1-i486-dpup487.pet for dpup 487 by dejan555 link
bash-3.0.22-i486.pet for Wary/Racy 5.5 by mavrothal link
bash-4.1.16.pet (All versions of Blue Pup & QT 6.0.5) by ETP link
bash-4.2.53-wheezy.pet for Dpup Wheezy by OscarTalks link
bash-4.1.13-2.pet. for Slacko 32-bit by SFR link

Geoffrey's bash-4.3.27-1.pet reported to work with (and with frisbee too):

puppy 4.3.1
slacko 5.3.3
lucid 5.28
wary 5.3
precise 5.7.1
slacko 5.7

dpup487 pet was also reported to work with these puppy versions:

Precise 5.6
Precise 5.7.1
OV Precise 5.8
puppy 4.3.2,
slacko 5.3.3,
lucid 5.2.5
lucid 5.2.8
Upup Raring 3.9.9.2
Sulu 002
wary/racy

Last edited by dejan555 on Mon 06 Oct 2014, 16:51; edited 15 times in total
Back to top
View user's profile Send private message Visit poster's website MSN Messenger 
cimarron


Joined: 30 May 2013
Posts: 293

PostPosted: Sun 28 Sep 2014, 08:00    Post subject:  

Warning: It seems the bash fixes break the Frisbee network manager. If you use Frisbee, you might want to wait to apply the bash fix until a fix for Frisbee is also available (which should be very soon).

See the Frisbee thread: http://www.murga-linux.com/puppy/viewtopic.php?t=64472&start=365
Back to top
View user's profile Send private message 
Kester
Guest


PostPosted: Sun 28 Sep 2014, 12:09    Post subject: BASH advice for the ordinary user  

Hi dejan555 and Cimarron.

Thanks for your quick and helpful responses.

Cimarron, Frisbee is on my system but I don't know if it is in use. I allowed Puppy to set up the network through its defaults during the initial installation and it is not clear to me if network management is carried out by Frisbee or other software - how do I check please?

I have downloaded the executable pet for bash that you have suggested dejan555 but in the light of Cimarron's comment, I have held back on installing it at present.

I have realised that many routers use firmware that utilizes bash so I have been trying to get through to my Internet Service Provider to find out if that is the case for the ZyXEL adsl modem with wifi they have provided. I do not use the wifi, it is switched off at present, but rely on wired ethernet connections for my two desktops. I'm trying to find out if any firmware updates come through automatically or if I have to arrange that myself.

Regards to you both, Kester.
Back to top
cimarron


Joined: 30 May 2013
Posts: 293

PostPosted: Sun 28 Sep 2014, 12:42    Post subject:  

If you right-click on the network icon in your taskbar tray (near the clock), then select "Setup networking," and a window comes up with "Frisbee" in the title, then you're using Frisbee.

Other possibilities might be "Simple Network Setup" or "Network Wizard," which I hear work fine with the bash fix installed.
Back to top
View user's profile Send private message 
Kester
Guest


PostPosted: Sun 28 Sep 2014, 13:08    Post subject: BASH advice for the ordinary user  

Hi Cimarron,

Thanks for getting back so quickly. I had tried what you suggested earlier - there is no mention of Frisbee but just 'Internet Connection Wizard' on the title bar. I also checked in PPM and Frisbee is not shown as installed so I will install dejan555's suggested bash pet and get back.

No luck yet getting through to my ISP regarding firmware updates if needed for my adsl modem router unit - their phoneline is so busy the waiting times are extensive - I've given up twice today (fortunately my calls to them are free).

An afterthought - if I install the bash package, should I uninstall the original first or will installation of the newer version automatically replace the former?

Regards, Kester.
Back to top
sheldonisaac

Joined: 21 Jun 2009
Posts: 845
Location: Philadelphia, PA

PostPosted: Sun 28 Sep 2014, 17:23    Post subject:  

What can/should I do about possible effects of the BASH vulnerability on servers(?) that I use, like Web hosts, banks' sites, Google, etc

I mean, if the vulnerability makes problems on those servers, maybe that in turn could harm me?

And what about my Actiontec wireless router from Verizon FiOS?


Thanks,
Sheldon

_________________
Dell E6410: Xenial, Dpup Stretch, etc
Dell Mini 9, Acer Aspire One, EeePC 1018P, PowerBook G4
Intel D865GBF, Intel DQ35JOE, Dell Vostro 430
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1746

PostPosted: Sun 28 Sep 2014, 19:44    Post subject:  

sheldonisaac wrote:
What can/should I do about possible effects of the BASH vulnerability on servers(?) that I use, like Web hosts, banks' sites, Google, etc

I mean, if the vulnerability makes problems on those servers, maybe that in turn could harm me?

And what about my Actiontec wireless router from Verizon FiOS?


Thanks,
Sheldon
Myself, I run browsers as limited user "spot" who can only write to one directory and subdirectories thereof. I run Firefox with NoScript, only allowing sites which I trust at the moment to send me scripts to execute. I do not run email programs like Thunderbird that require the ability to implicitly execute scripts from external sources. Sylpheed only treats text files as text.

This eliminates a major part of the threat, but it does not address the central issue. As others have said, this problem has been around for 22 years, and will have "a long tail."

Your Actiontec wireless router probably has the vulnerability, if it is like the one I bought surplus. Keep watch for updates to firmware from Verizon.

We are still learning about vulnerable devices. Here's one I never expected to be connected to the 'net.

Want further advice? Keep a supply of foolscap and quill pens handy in case of Internet meltdown.
Back to top
View user's profile Send private message 
amigo

Joined: 02 Apr 2007
Posts: 2647

PostPosted: Mon 29 Sep 2014, 02:40    Post subject:  

I'm really surprised at all the fuss being made over the shellshock bug here -this is puppyland where nobody is supposed to worry about security -since puppy is insecure through and through, why get all upset about one more open attack vector??
Back to top
View user's profile Send private message 
watchdog

Joined: 28 Sep 2012
Posts: 1874
Location: Italy

PostPosted: Mon 29 Sep 2014, 03:54    Post subject:  

@amigo

My best security is the backup.

To all ordinary users: the latest bash patch by Geoffrey here should work in almost all puppies and doesn't break frisbee.
Back to top
View user's profile Send private message 
Kester
Guest


PostPosted: Mon 29 Sep 2014, 05:29    Post subject:  

Amigo,

Whilst a little banter can lighten things, the point of this particular thread is for ordinary home users like myself to seek and obtain useful advice. With respect, your post, amusing as it is, is not very helpful without any advice over dealing with any potential security weaknesses within Puppy. We know, too, that the bash weakness is neither specifically a Puppy problem nor just a potential threat affecting only Linux operating system users.

Watchdog, your point about backup is relevant but data backup and system image backups only provide the means to restore data and systems to an earlier point (important as that is), it does not protect against stolen personal information, passwords, account details etc. which, in theory, the bash security weaknesses could allow the unscrupulous hacker to obtain without the immediate knowledge of the user.

Please, I would still like a response to this question: should I uninstall my present version of bash before installing the later patched version or will installing the patched version over the top of the earlier version be OK?

Thanks, regards to all, Kester.
Back to top
dejan555


Joined: 30 Nov 2008
Posts: 2807
Location: Montenegro

PostPosted: Mon 29 Sep 2014, 05:52    Post subject:  

Installing over previously installed should work because files are being replaced.
_________________
puppy.b0x.me stuff mirrored HERE or HERE
Back to top
View user's profile Send private message Visit poster's website MSN Messenger 
Kester
Guest


PostPosted: Mon 29 Sep 2014, 07:19    Post subject:  

@dejan555,

Thanks for your reply.

I have now updated bash and run cimarron's test script in the terminal with the following result:

# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory
#


You will note that none of the following lines have appeared in my result:
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'


So could you please confirm whether my result is OK without those lines as no date/time line appeared either.

The results I have mentioned are true for my dual boot Puppy Precise 5.7.1 system shared with Windows XP Pro and for my two live discs (a 5.5 Puppy precise and a 5.7 Slacko both used on my Windows 7 desktop).

Thanks and regards, kester.
Back to top
cimarron


Joined: 30 May 2013
Posts: 293

PostPosted: Mon 29 Sep 2014, 08:27    Post subject:  

Yes, Kester, that result is fine. The test instructions said "similar to" that output, with the important part being that today's date is not displayed and no /tmp/echo file created.
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 2008
Location: N.E. USA

PostPosted: Mon 29 Sep 2014, 09:12    Post subject:  

I see theres a discussion about Frisbee breaking. Barry's SNS is still functioning after the patch/upgrade. It sniffed and connected well (for SNS anyways).
JIC one needs a wifi cnxn.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 2 [20 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0604s ][ Queries: 12 (0.0098s) ][ GZIP on ]