As many of you are probably aware, there is a serious security issue that is currently all over the web regarding the GNU BASH shell. We at the PC-BSD project are well aware of the issue, a fix is already in place to plug this security hole, and packages with this fix are currently building. Look for an update to your BASH shell within the next 24 hours in the form of a package update.
As a side note: nothing written by the PC-BSD project uses BASH in any way, and BASH is not built into the FreeBSD operating system itself (it is an optional port/package), so the severity of this bug is lower on FreeBSD than on other operating systems.
On the FreeBSD mailing list, Bryan Drewery has already sent a notice that the port is fixed in FreeBSD. Since he also included some good recommendations for BASH users in that email, we have copied it here for anyone else who is interested.
From: Bryan Drewery – FreeBSD mailing list
The port is fixed with all known public exploits. The package is
However bash still allows the crazy exporting of functions and may still have other parser bugs. I would recommend for the immediate future not using bash for forced ssh commands as well as these guidelines:
1. Do not ever link /bin/sh to bash. This is why it is such a big problem on Linux, as system(3) will run bash by default from CGI.
2. Web/CGI users should have shell of /sbin/nologin.
3. Don’t write CGI in shell script / Stop using CGI
4. httpd/CGId should never run as root, nor “apache”. Sandbox each application into its own user.
5. Custom restrictive shells, like scponly, should not be written in bash.
6. SSH authorized_keys/sshd_config forced commands should also not be written in bash.
For more information about the bug itself, you can visit Ars Technica and read the article by clicking the link below.
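As an added example (not code from the PC-BSD post or from Bryan Drewery's email), the following POSIX sh script audits a system against three of the guidelines above: whether a given /bin/sh resolves to bash (guideline 1), whether web/CGI accounts in a passwd-format file have a login shell other than /sbin/nologin (guideline 2), and whether authorized_keys forced commands invoke bash (guideline 6). Every check takes the file it inspects as an argument, so the script runs on the constructed sample data embedded below and can be pointed at the real /etc/passwd and ~/.ssh/authorized_keys afterwards. The function names, the account-name pattern and the key material are assumptions, not from the page.

```shell
#!/bin/sh
# Added example, not code from the PC-BSD post or Bryan Drewery's email.
# Small audit helpers for three of the Shellshock-era guidelines above.

# Guideline 1: does the given sh path resolve to bash?
# Prints "bash" or "not-bash"; returns 0 only when it is bash.
sh_is_bash() {
  p=${1:-/bin/sh}
  target=$(readlink -f "$p" 2>/dev/null) || target=$(readlink "$p" 2>/dev/null) || target=$p
  case "$(basename "$target")" in
    bash*) printf 'bash\n'; return 0 ;;
    *)     printf 'not-bash\n'; return 1 ;;
  esac
}

# Guideline 2: service accounts whose shell is not /sbin/nologin.
# $1 = passwd(5)-format file (7 fields; not master.passwd),
# $2 = ERE matching the web/CGI account names (assumed pattern, adjust locally).
# Prints one offending "user:shell" per line.
web_users_with_shell() {
  awk -F: -v pat="$2" '$1 ~ pat && $7 != "/sbin/nologin" { print $1 ":" $7 }' "$1"
}

# Guideline 6: authorized_keys forced commands that run bash.
# $1 = authorized_keys file. Prints the offending command strings.
bash_forced_commands() {
  sed -n 's/.*command="\([^"]*\)".*/\1/p' "$1" | grep -E '(^|/)bash( |$)' || true
}

# Constructed sample data so the script runs offline; the key blobs are fake.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin
cgiapp:*:1001:1001:CGI app account:/home/cgiapp:/usr/local/bin/bash
apache:*:1002:1002:legacy web account:/home/apache:/bin/sh
EOF
cat > "$sample_dir/authorized_keys" <<'EOF'
command="/usr/local/bin/bash /usr/local/libexec/backup.sh",no-pty ssh-ed25519 AAAAConstructedKey1 backup
command="/usr/local/bin/scponly",no-port-forwarding ssh-ed25519 AAAAConstructedKey2 upload
command="bash -c 'rsync --server'" ssh-rsa AAAAConstructedKey3 mirror
EOF

# Report against the live /bin/sh and the constructed files.
printf '/bin/sh resolves to: %s\n' "$(sh_is_bash /bin/sh)"
echo "Web/CGI accounts with a real login shell (should be empty):"
web_users_with_shell "$sample_dir/passwd" '^(www|cgiapp|apache)$'
echo "Forced commands that invoke bash (should be empty):"
bash_forced_commands "$sample_dir/authorized_keys"
```

On a real host, replace the two constructed files with /etc/passwd and each user's authorized_keys, and widen the account-name pattern to whatever names your web servers actually run under; an empty report for checks 2 and 6 and "not-bash" for check 1 means the host follows those guidelines.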
The PC-BSD development team has been abuzz this week with awesome suggestions on how we can standardize the way we write PC-BSD utilities and software. One thing we’ve begun to realize is that as more people contribute to the project, it is ever more important to have clear standards for development. Even our primary developers will admit it’s easy to forget to use the same icon pack or file menu layout when you get busy writing the main program. Going forward you can expect these standards to affect most of the PC-BSD utilities and programs you use every day, although in a relatively minor way. Everything will still function exactly the same, but whether you are using AppCafe or the Warden you can expect the file menu layout and program layout to follow the same general rules. For more information please check out “Becoming a Developer” in the PC-BSD 10.1 wiki. If you’d like to join the discussion you can email firstname.lastname@example.org.
I’ve seen some discussion lately about the life cycle of PC-BSD branches. I sat down with Kris Moore in IRC and asked if he wouldn’t mind clarifying the release cycle for our users. Kris answered that the general rule of thumb is that a branch will continue to be supported for 6 months after the next branch is released. The updates include all of the things you would expect, like new PBIs and security updates. So users of 9.2 can expect support to continue through June of 2014. 9 Stable was an “experimental” branch and is no longer supported at this time. Users of 9 Stable are encouraged to upgrade to 9.2 or 10.0 Release to continue to receive important updates.
You can expect to see tons of improvements coming up for PC-BSD 10.1. One of the biggest is that Kris and Yuri have been working to fix Linux jail support in the Warden. A handful of commits went into the tree today that will address the problems users have been having with Linux jails. Kris has continued to refine the Warden and PBI systems to fix some bugs that were causing major stability issues in certain scenarios. Minor cosmetic changes are coming for most PC-BSD utilities to bring them up to the standards outlined in the “Become a Developer” section of the PC-BSD 10.1 wiki.
That’s it for this week folks. Lots of good things in the works so stay tuned to the blog for more important PC-BSD news!
The 9.0 PC-BSD Users Handbook has been translated to Indonesian and is available for download in the following formats:
Thanks go to Tri Mulya S for the translation.
Tigersharke is working on the HTML version which should show up here some time in the next few days.
There will not be a Kindle version as this language is not supported by Amazon Kindle.
A video that describes how to use PC-BSD 9.0’s Port Jail is now available on YouTube.
The video provides an overview of what a jail is and why you would want to use one, then demonstrates how to initialize the ports jail, how to install the ports tree within the jail, and how to install packages and ports within the Ports Jail.
More information about Ports Jail can be found in that section of the PC-BSD User Guide.
From the press release:
The most recent edition of PC-BSD updates the suggestion list of the search bar with DuckDuckGo to provide users with a discreet, clutter-free search option. Additionally, DuckDuckGo offers many benefits including the ability to use shortcuts to directly search many websites and instant answers that provide topic summaries from a variety of web sources.
PC-BSD users concerned with security can be confident in the knowledge that requests submitted through DuckDuckGo will remain confidential. “We are pleased to make DuckDuckGo available to PC-BSD users, providing a reliable, yet completely anonymous search experience,” says Kris Moore, Director of PC-BSD Software Development at iXsystems.
“We are delighted to partner with PC-BSD,” says Gabriel Weinberg, DuckDuckGo’s founder and CEO. “DuckDuckGo and PC-BSD have a shared philosophy on the value of open source and choice.”
If you have installed the LXDE window manager, a system update is now available in Update Manager that addresses several bugs reported by users. The description for the update indicates that changes to menu-cache-0.3.2_2 were made to fix an issue within the LXDE desktop that caused the menu to refresh constantly, every 2-4 seconds.