How to revert shellshocker? about shellshocker HOT 13 OPEN

Have you tried just running an apt-get install bash?

from shellshocker.

bash-4.3# dpkg -l | grep bash
dpkg -l | grep bash
ii bash 4.1-3+deb6u2 The GNU Bourne Again SHell

bash-4.3# bash --version
bash --version
GNU bash, Version 4.3.29(1)-release (x86_64-unknown-linux-gnu)

they're not the same. I assume 4.3 is the shellshocker, but have updated bash recently and got 4.1. The shellshocker variant seems to be active.

from shellshocker.

Can you show the output of which bash as well as the path to the bash binary from dpkg?

from shellshocker.

Any reason why you don't want to use the most up to date version of bash? (4.3.29)

You'll need to find where your package manager installed bash. (try whereis bash, which bash, etc).

Have you tried going into the build directory "~/bash-shellshocker/bash-4.3" and running a make uninstall?

Sorry, i'm away from my keyboard right now so I can't help much at the moment.

from shellshocker.

Actually its also good not to have the most recent version. the old version of openssl saved me tons of trouble cause of the heartbleed bug. it was older than first implemented.

back to topic:

Yes bash was updated after shellshocker fix script.

~# whereis bash
bash: /bin/bash /etc/bash.bashrc /usr/local/bin/bash /usr/share/man/man1/bash.1.gz
~# which bash
/usr/local/bin/bash

And no problem, this issue has not to hurry

from shellshocker.

I ran a make clean and it seemed to remove it.

from shellshocker.

@dionysius, can you confirm that make clean resolves your issue?

from shellshocker.

Yes absolutely. Curious i didn't catch that point myself

Am Dienstag, 7. Oktober 2014 um 20:29 schrieb Mark Hensler:

@dionysius (https://github.com/dionysius), can you confirm that make clean resolves your issue?

—
Reply to this email directly or view it on GitHub (#37 (comment)).

from shellshocker.

you should provide a detailed "uninstall" instruction on your shellshocker -website,
how one can get back to the "stock" bash version of the package-manager of the distribution.

because after installing your shellshock patch script,
the bash package will get no (regular) updates at all via the package-manager (e.g. APT) in future (!)

Because after some time the different Linux-distributions will provide full patched (or backported) bash versions themselves,
and then the admins and users want to go back to the "regular" bash versions maintained automatically by their package-manager (e.g. APT)...

from shellshocker.

Hmm.. I have the same issue but a make clean in "~/bash-shellshocker/bash-4.3" does not resolve the problem for me. I also tried make uninstall with no effect.

which bash outputs "/bin/bash"
bash --version sais "GNU bash, version 4.3.30(2)-release"
dpkg -l | grep bash sais "4.2+dfsg-0.1+deb7u3"

I'd also like to get the default one back to ensure updates etc. Any suggestions?

from shellshocker.

Ok, just found a solution by myself. I un- and then re-installed the bash package. This is what I did:

1. Change the login shell of your user and root: vim /etc/passwd
2. Logout and relogin (you should now be logged in with /bin/sh)
3. Run apt-get remove bash and apt-get install bash

Now it worked again (for me). Please not that this procedure is not without risk. Make a system backup before proceeding!

from shellshocker.

"make clean" and "make uninstall" did unfortunately NOT work on my side too ...

@ma0ho
thanks for your hint but it didn't work for me Debian 6 / Debian 7,
everything messed up then and had to restore the backup :-/

would be good if the authors of shellshocker tell somthing about that issue,
but I think they have turned to new tasks ...

from shellshocker.

@ma0ho
OK now I managed it:
quite often under debian /bin/sh is already** a symlink to /bin/bash (the new bash which we want to uninstall),
so for debian* do:
0. make a complete backup.

1. Change the login shell of your user and root from /bin/bash to /bin/sh where necessary (e.g. by using editor vim /etc/passwd)
2. Change the symlink /bin/sh to point/link to the debian distri-shell -> bin/dash
3. Logout and relogin (you should now be logged in with /bin/dash)
4. Run apt-get remove bash -f
5. see if there are still the following files present and delete them manually if necessary:
   /bin/bash
/bin/bashbug
/usr/local/bin/bash
/usr/local/bin/bashbug
6. Run apt-get install bash
7. run whereis bash and see if the output is
   bash: /bin/bash /etc/bash.bashrc /usr/share/man/man1/bash.1.gz
8. try to open a bash shell by just typing bash
   and run bash --version then
   and see if the output is the latest Debian distri version e.g.:
   GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
9. Change back the symlink /bin/sh to point/link to the bash -> bin/bash
10. Change back the login shell of your user and root from /bin/sh to /bin/bash where necessary (e.g. by using editor vim /etc/passwd)
11. Logout completely from all (nested) shells (exit several times) and relogin (you should now be logged in with /bin/bash)
12. test again (with root- and user- logins):
    # which bash
/bin/bash
# whereis bash
bash: /bin/bash /etc/bash.bashrc /usr/share/man/man1/bash.1.gz
# bash --version
GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu) ...
13. finally: delete the folder /root/bash-shellshocker and all its containing files and subfolders
14. now you're clean again ...

15.) optional:
do
apt-get update
apt-get upgrade
and then check with
curl https://shellshocker.net/shellshock_test.sh | bash
you should see 7 times not vulnerable
because "debian 7" and "debian 6 lts" versions of bash are already updated/backported the right way...

*(tested under debian 7 and debian 6 lts)

**(because typical "debian-webserver-installation-instructions" contains the recommendation to use
dpkg-reconfigure dash at the very beginning
and then
Use dash as the default system shell (/bin/sh)?
answered with No)

from shellshocker.