Will the bash fix for Lion work on Snow Leopard?

Yes, the Mac OS X Lion /bin/bash and /bin/sh "Appear" to work on Snow Leopard.

<OS X bash Update 1.0 - OS X Lion>

However, you will have to either install on Lion first, and then copy /bin/bash and /bin/sh to the Snow Leopard system, or extract the bash and sh from the installer package.

Philip Wilk wrote:

Will the bash fix for Lion that fixes a security flaw in the bash UNIX shell, work on Snow Leopard?

I would not recommend it as each has been compiled for a specific version of darwin. Best to compile it for yourself using something like these instructions from Topher Kessler How to unofficially fix the ‘Shell Shock’ bash vulnerability in OS X.

I also found this blog post to be very helpful for fixing my OSX 10.6.8 Snow Leopard from the bash shellshock bug. Apparently this fix works with OSX 10.4 all the way to OSX 10.9 systems. Plus it's the only DIY instruction I found online that includes a test to see if you are vunerable and if the fix actually fixed anything. http://tenfourfox.blogspot.com/2014/09/bashing-bash-one-more-time-updated.html

BobHarris wrote:

Yes, the Mac OS X Lion /bin/bash and /bin/sh "Appear" to work on Snow Leopard.

<OS X bash Update 1.0 - OS X Lion>

However, you will have to either install on Lion first, and then copy /bin/bash and /bin/sh to the Snow Leopard system, or extract the bash and sh from the installer package.

I take it that you tested this, right? AFAIK, since I'm not running a server and have installed Apple's fixes for Lion through Mavs, I should be safe.

27" i7 iMac (Mid 2011) refurb, OS X Mavericks (10.9.5), ML & SL, G4 450 MP w/Leopard, 9.2.2

I have a Snow Leopard iMac at work. I also have a Lion Macbook. I installed the Lion fix on the Macbook, then I copied the /bin/sh and /bin/bash files from the Macbook to the iMac. The executables worked on the iMac

$ /bin/bash --version

GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)

Copyright (C) 2007 Free Software Foundation, Inc.

$ version

Darwin my.computer.dns.name 10.8.0 Darwin Kernel Version 10.8.0: Tue Jun 7 16:33:36 PDT 2011; root:xnu-1504.15.3~1/RELEASE_I386 i386 i386

ProductName: Mac OS X

ProductVersion: 10.6.8

BuildVersion: 10K549

I've had this installed for about 2 days, and the iMac is still running with various scheduled scripts running OK (some system, some of my own). Crossing my fingers. 🙂

MadMacs0 wrote:

Best to compile it for yourself using something like these instructions from Topher Kessler How to unofficially fix the ‘Shell Shock’ bash vulnerability in OS X.

This did not work for me. It seems that my Xcode-3.2.6 package did not compile the bash-3.2 source code for Snow Leopard. I will go back to using the tcsh shell.

Thanks. That's what I wanted to read.😎

BobHarris wrote:

I copied the /bin/sh and /bin/bash files from the Macbook to the iMac. The executables worked on the iMac

You missed the /usr/bin/bashbug executable and several support files that are probably of little importance.

EricMarlow wrote:

I also found this blog post to be very helpful for fixing my OSX 10.6.8 Snow Leopard from the bash shellshock bug.... http://tenfourfox.blogspot.com/2014/09/bashing-bash-one-more-time-updated.html

Yes, I ran across that myself after posting the above. The TenFourFox team is very good at what it does for PPC macs and older versions of OS X.

eyeman wrote:

This did not work for me. It seems that my Xcode-3.2.6 package did not compile the bash-3.2 source code for Snow Leopard. I will go back to using the tcsh shell.

Unfortunately this is not the path to security since it appears other services like CUPS use bash.

theblueglow wrote:

eyeman wrote:

I will go back to using the tcsh shell.

Unfortunately this is not the path to security since it appears other services like CUPS use bash.

I agree. When I tried using symlinks to send calls to bash & sh to tcsh instead, I found a lot of broken shell scripts. I don't think tcsh has been maintained very well since it's use with OS X 10.0 through 10.2. I had better luck with xsh, though.

This is what I used for a day or so with Mavericks:

sudo mv /bin/bash /bin/bash.bak

sudo mv /bin/sh /bin/sh.bak

sudo ln -s /bin/zsh /bin/sh

sudo ln -s /bin/zsh /bin/bash

I agree. When I tried using symlinks to send calls to bash & sh to tcsh instead, I found a lot of broken shell scripts. I don't think tcsh has been maintained very well since it's use with OS X 10.0 through 10.2. I had better luck with xsh, though.

csh and tcsh use a totally different scripting language from bash (and other bourne based shells). You cannot substitute tcsh for bash when it comes to scripts.

zsh is in the bourne shell family, and will most likely work, but every bourne shell flavor has differences in their scripting languages, so be careful.

BobHarris wrote:

csh and tcsh use a totally different scripting language from bash (and other bourne based shells). You cannot substitute tcsh for bash when it comes to scripts.

Yes, I'm fully aware of that. As an early adopter of OS X I didn't notice when the default was changed for new 10.3 users and stuck with csh successfully for many years without issue, but that's no longer the case.

...As an early adopter of OS X I didn't notice when the default was changed for new 10.3 users and stuck with csh successfully for many years without issue, but that's no longer the case.

Yea, I used csh as my internactive shell for 10 of years. But I didn't start that way:

before '70-'79, my interface was 80 column punched cards 🙂 (this does include college)

'79-'85 VMS DCL prompt

'85 - '88 I was bourne shell on PDP-11 System V.2 UNIX(TM)

'88-'95 back to OpenVMS DCL prompt

'95-'05 I was csh (not even tcsh, but plain old csh). 10 years

'05-today bash (I was really glad to have bourne shell functions available at the command prompt, but still have my csh !!, !*, Control-P, etc... interactive commands from csh).

😁

Well I think I can top that. My early sixties college interface was punched paper tape and machine language (GECOS?) on some sort of GE computer who's model number slips my mind (maybe 625?).

I didn't get to 80 column "IBM" cards until grad school. That was Fortran on a CDC 1604 and IBM 360-67. I had a couple of chances to do programming after that, but then it became only a hobby as my real jobs became more varied and demanding. My wife forced me to by a Mac in 1986 and I never looked back. All my unix experience has been Darwin out of curiosity. Of course having to gain a more technical understanding of the ClamAV scan engine has accelerated things in that area a bit.