BASH advice for the ordinary user
BASH advice for the ordinary user
Hi,
Having looked at the threads relating to the bash problem, I feel I need advice which is set out in fairly simple terms and I am sure there are many other Puppy users in a similar position who find the discussions in the other threads a little difficult to follow. With this in mind, I am starting this thread for the less knowledgeable Puppy users, like me, to pose their questions in the hope that the forum's experts will kindly give their advice in clear and easy to follow language.
I am running a frugal installation of Puppy Precise 5.7.1 in a dual boot arrangement with Windows XP Pro on a desktop computer. In Puppy, my main browser is Firefox 33.0, and email client is Thunderbird 31.1.2 - I also have SeaMonkey 2.1.9 which I have kept because it appears to be required to run CUPS but I do not use it as a browser or email client.
PPM advises that i have 'bash-4.1-x86' installed but a file search reveals a pet package 'bash_DOC-4.3-p25-i486-dpup487.pet' in the /root directory - I believe that this is something I recently downloaded - I did uninstall any bash items I have recently downloaded and installed in order to go back to square one and it seems to be one of those items which I failed to remove after uninstallation.
Sorry about the introductory waffle but I needed to explain my position. Now I need to know, in simple terms please, what action is advisable for me to take regarding bash and where I get any necessary downloads to install. Doubtlessly I will have follow-up questions but this is a starter.
Thank you.
Having looked at the threads relating to the bash problem, I feel I need advice which is set out in fairly simple terms and I am sure there are many other Puppy users in a similar position who find the discussions in the other threads a little difficult to follow. With this in mind, I am starting this thread for the less knowledgeable Puppy users, like me, to pose their questions in the hope that the forum's experts will kindly give their advice in clear and easy to follow language.
I am running a frugal installation of Puppy Precise 5.7.1 in a dual boot arrangement with Windows XP Pro on a desktop computer. In Puppy, my main browser is Firefox 33.0, and email client is Thunderbird 31.1.2 - I also have SeaMonkey 2.1.9 which I have kept because it appears to be required to run CUPS but I do not use it as a browser or email client.
PPM advises that i have 'bash-4.1-x86' installed but a file search reveals a pet package 'bash_DOC-4.3-p25-i486-dpup487.pet' in the /root directory - I believe that this is something I recently downloaded - I did uninstall any bash items I have recently downloaded and installed in order to go back to square one and it seems to be one of those items which I failed to remove after uninstallation.
Sorry about the introductory waffle but I needed to explain my position. Now I need to know, in simple terms please, what action is advisable for me to take regarding bash and where I get any necessary downloads to install. Doubtlessly I will have follow-up questions but this is a starter.
Thank you.
Latest bash packages:
bash-4.3.30-1.pet for Carolina 1.2 by Geoffrey link
bash-4.3.30-1-i486-dpup487.pet for dpup 487 by dejan555 link
bash-3.0.22-i486.pet for Wary/Racy 5.5 by mavrothal link
bash-4.1.16.pet (All versions of Blue Pup & QT 6.0.5) by ETP link
bash-4.2.53-wheezy.pet for Dpup Wheezy by OscarTalks link
bash-4.1.13-2.pet. for Slacko 32-bit by SFR link
Geoffrey's bash-4.3.27-1.pet reported to work with (and with frisbee too):
puppy 4.3.1
slacko 5.3.3
lucid 5.28
wary 5.3
precise 5.7.1
slacko 5.7
dpup487 pet was also reported to work with these puppy versions:
Precise 5.6
Precise 5.7.1
OV Precise 5.8
puppy 4.3.2,
slacko 5.3.3,
lucid 5.2.5
lucid 5.2.8
Upup Raring 3.9.9.2
Sulu 002
wary/racy
bash-4.3.30-1.pet for Carolina 1.2 by Geoffrey link
bash-4.3.30-1-i486-dpup487.pet for dpup 487 by dejan555 link
bash-3.0.22-i486.pet for Wary/Racy 5.5 by mavrothal link
bash-4.1.16.pet (All versions of Blue Pup & QT 6.0.5) by ETP link
bash-4.2.53-wheezy.pet for Dpup Wheezy by OscarTalks link
bash-4.1.13-2.pet. for Slacko 32-bit by SFR link
Geoffrey's bash-4.3.27-1.pet reported to work with (and with frisbee too):
puppy 4.3.1
slacko 5.3.3
lucid 5.28
wary 5.3
precise 5.7.1
slacko 5.7
dpup487 pet was also reported to work with these puppy versions:
Precise 5.6
Precise 5.7.1
OV Precise 5.8
puppy 4.3.2,
slacko 5.3.3,
lucid 5.2.5
lucid 5.2.8
Upup Raring 3.9.9.2
Sulu 002
wary/racy
Last edited by dejan555 on Mon 06 Oct 2014, 20:51, edited 15 times in total.
Warning: It seems the bash fixes break the Frisbee network manager. If you use Frisbee, you might want to wait to apply the bash fix until a fix for Frisbee is also available (which should be very soon).
See the Frisbee thread: http://www.murga-linux.com/puppy/viewtopic.php?t=64472&start=365
See the Frisbee thread: http://www.murga-linux.com/puppy/viewtopic.php?t=64472&start=365
BASH advice for the ordinary user
Hi dejan555 and Cimarron.
Thanks for your quick and helpful responses.
Cimarron, Frisbee is on my system but I don't know if it is in use. I allowed Puppy to set up the network through its defaults during the initial installation and it is not clear to me if network management is carried out by Frisbee or other software - how do I check please?
I have downloaded the executable pet for bash that you have suggested dejan555 but in the light of Cimarron's comment, I have held back on installing it at present.
I have realised that many routers use firmware that utilizes bash so I have been trying to get through to my Internet Service Provider to find out if that is the case for the ZyXEL adsl modem with wifi they have provided. I do not use the wifi, it is switched off at present, but rely on wired ethernet connections for my two desktops. I'm trying to find out if any firmware updates come through automatically or if I have to arrange that myself.
Regards to you both, Kester.
Thanks for your quick and helpful responses.
Cimarron, Frisbee is on my system but I don't know if it is in use. I allowed Puppy to set up the network through its defaults during the initial installation and it is not clear to me if network management is carried out by Frisbee or other software - how do I check please?
I have downloaded the executable pet for bash that you have suggested dejan555 but in the light of Cimarron's comment, I have held back on installing it at present.
I have realised that many routers use firmware that utilizes bash so I have been trying to get through to my Internet Service Provider to find out if that is the case for the ZyXEL adsl modem with wifi they have provided. I do not use the wifi, it is switched off at present, but rely on wired ethernet connections for my two desktops. I'm trying to find out if any firmware updates come through automatically or if I have to arrange that myself.
Regards to you both, Kester.
If you right-click on the network icon in your taskbar tray (near the clock), then select "Setup networking," and a window comes up with "Frisbee" in the title, then you're using Frisbee.
Other possibilities might be "Simple Network Setup" or "Network Wizard," which I hear work fine with the bash fix installed.
Other possibilities might be "Simple Network Setup" or "Network Wizard," which I hear work fine with the bash fix installed.
BASH advice for the ordinary user
Hi Cimarron,
Thanks for getting back so quickly. I had tried what you suggested earlier - there is no mention of Frisbee but just 'Internet Connection Wizard' on the title bar. I also checked in PPM and Frisbee is not shown as installed so I will install dejan555's suggested bash pet and get back.
No luck yet getting through to my ISP regarding firmware updates if needed for my adsl modem router unit - their phoneline is so busy the waiting times are extensive - I've given up twice today (fortunately my calls to them are free).
An afterthought - if I install the bash package, should I uninstall the original first or will installation of the newer version automatically replace the former?
Regards, Kester.
Thanks for getting back so quickly. I had tried what you suggested earlier - there is no mention of Frisbee but just 'Internet Connection Wizard' on the title bar. I also checked in PPM and Frisbee is not shown as installed so I will install dejan555's suggested bash pet and get back.
No luck yet getting through to my ISP regarding firmware updates if needed for my adsl modem router unit - their phoneline is so busy the waiting times are extensive - I've given up twice today (fortunately my calls to them are free).
An afterthought - if I install the bash package, should I uninstall the original first or will installation of the newer version automatically replace the former?
Regards, Kester.
-
- Posts: 902
- Joined: Mon 22 Jun 2009, 01:36
- Location: Philadelphia, PA
What can/should I do about possible effects of the BASH vulnerability on servers(?) that I use, like Web hosts, banks' sites, Google, etc
I mean, if the vulnerability makes problems on those servers, maybe that in turn could harm me?
And what about my Actiontec wireless router from Verizon FiOS?
Thanks,
Sheldon
I mean, if the vulnerability makes problems on those servers, maybe that in turn could harm me?
And what about my Actiontec wireless router from Verizon FiOS?
Thanks,
Sheldon
Dell E6410: BusterPup, BionicPup64, Xenial, etc
Intel DQ35JOE, Dell Vostro 430
Dell Inspiron, Acer Aspire One, EeePC 1018P
Intel DQ35JOE, Dell Vostro 430
Dell Inspiron, Acer Aspire One, EeePC 1018P
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
Myself, I run browsers as limited user "spot" who can only write to one directory and subdirectories thereof. I run Firefox with NoScript, only allowing sites which I trust at the moment to send me scripts to execute. I do not run email programs like Thunderbird that require the ability to implicitly execute scripts from external sources. Sylpheed only treats text files as text.sheldonisaac wrote:What can/should I do about possible effects of the BASH vulnerability on servers(?) that I use, like Web hosts, banks' sites, Google, etc
I mean, if the vulnerability makes problems on those servers, maybe that in turn could harm me?
And what about my Actiontec wireless router from Verizon FiOS?
Thanks,
Sheldon
This eliminates a major part of the threat, but it does not address the central issue. As others have said, this problem has been around for 22 years, and will have "a long tail."
Your Actiontec wireless router probably has the vulnerability, if it is like the one I bought surplus. Keep watch for updates to firmware from Verizon.
We are still learning about vulnerable devices. Here's one I never expected to be connected to the 'net.
Want further advice? Keep a supply of foolscap and quill pens handy in case of Internet meltdown.
Amigo,
Whilst a little banter can lighten things, the point of this particular thread is for ordinary home users like myself to seek and obtain useful advice. With respect, your post, amusing as it is, is not very helpful without any advice over dealing with any potential security weaknesses within Puppy. We know, too, that the bash weakness is neither specifically a Puppy problem nor just a potential threat affecting only Linux operating system users.
Watchdog, your point about backup is relevant but data backup and system image backups only provide the means to restore data and systems to an earlier point (important as that is), it does not protect against stolen personal information, passwords, account details etc. which, in theory, the bash security weaknesses could allow the unscrupulous hacker to obtain without the immediate knowledge of the user.
Please, I would still like a response to this question: should I uninstall my present version of bash before installing the later patched version or will installing the patched version over the top of the earlier version be OK?
Thanks, regards to all, Kester.
Whilst a little banter can lighten things, the point of this particular thread is for ordinary home users like myself to seek and obtain useful advice. With respect, your post, amusing as it is, is not very helpful without any advice over dealing with any potential security weaknesses within Puppy. We know, too, that the bash weakness is neither specifically a Puppy problem nor just a potential threat affecting only Linux operating system users.
Watchdog, your point about backup is relevant but data backup and system image backups only provide the means to restore data and systems to an earlier point (important as that is), it does not protect against stolen personal information, passwords, account details etc. which, in theory, the bash security weaknesses could allow the unscrupulous hacker to obtain without the immediate knowledge of the user.
Please, I would still like a response to this question: should I uninstall my present version of bash before installing the later patched version or will installing the patched version over the top of the earlier version be OK?
Thanks, regards to all, Kester.
@dejan555,
Thanks for your reply.
I have now updated bash and run cimarron's test script in the terminal with the following result:
# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory
#
You will note that none of the following lines have appeared in my result:
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
So could you please confirm whether my result is OK without those lines as no date/time line appeared either.
The results I have mentioned are true for my dual boot Puppy Precise 5.7.1 system shared with Windows XP Pro and for my two live discs (a 5.5 Puppy precise and a 5.7 Slacko both used on my Windows 7 desktop).
Thanks and regards, kester.
Thanks for your reply.
I have now updated bash and run cimarron's test script in the terminal with the following result:
# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory
#
You will note that none of the following lines have appeared in my result:
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
So could you please confirm whether my result is OK without those lines as no date/time line appeared either.
The results I have mentioned are true for my dual boot Puppy Precise 5.7.1 system shared with Windows XP Pro and for my two live discs (a 5.5 Puppy precise and a 5.7 Slacko both used on my Windows 7 desktop).
Thanks and regards, kester.
Glad you're satisfied, Kester.
8Geee, as watchdog pointed out above there's a new version of bash out now that does not break Frisbee. Geoffrey provided it in another thread (and it's been tested in a number of pups):
bash 4.3.27
(does not break Frisbee)
8Geee, as watchdog pointed out above there's a new version of bash out now that does not break Frisbee. Geoffrey provided it in another thread (and it's been tested in a number of pups):
bash 4.3.27
(does not break Frisbee)
Thanks!
Hi guys.. i joined today so that i could thank you for all of the help I've received from the members of this forum. Today's helpful tip comes from..
bash-4.3.30-1-i486-dpup487.pet for dpup 487 by dejan555 link
When i found out my OS.. Puppy Linux Lucid.. was vulnerable i started searching the forums looking for a cure..
Thanks a million..
Jude
bash-4.3.30-1-i486-dpup487.pet for dpup 487 by dejan555 link
When i found out my OS.. Puppy Linux Lucid.. was vulnerable i started searching the forums looking for a cure..
Thanks a million..
Jude
Re: Thanks!
Welcome Jude and enjoy using Lucid Puppy it will serve you well.Jude wrote:Hi guys.. i joined today so that i could thank you for all of the help I've received from the members of this forum. Today's helpful tip comes from..
bash-4.3.30-1-i486-dpup487.pet for dpup 487 by dejan555 link
When i found out my OS.. Puppy Linux Lucid.. was vulnerable i started searching the forums looking for a cure..
Thanks a million..
Jude