As many of you are probably aware, there is a serious security issue that is currently all over the web regarding the GNU BASH shell. We at the PC-BSD project are well aware of the issue, a fix is already in place to plug this security hole, and packages with this fix are currently building. Look for an update to your BASH shell within the next 24 hours in the form of a package update.
As a side note: nothing written by the PC-BSD project uses BASH in any way — and BASH is not built-in to the FreeBSD operating system itself (it is an optional port/package), so the level of severity of this bug is lower on FreeBSD than on other operating systems.
According to the FreeBSD mailing list: Bryan Drewery has already sent a notice that the port is fixed in FreeBSD. However, since he also added some good recommendations in the email for BASH users, we decided to copy that email here for anyone else that is interested.
From: Bryan Drewery — FreeBSD mailing list
The port is fixed with all known public exploits. The package is
However bash still allows the crazy exporting of functions and may still
have other parser bugs. I would recommend for the immediate future not
using bash for forced ssh commands as well as these guidelines:
1. Do not ever link /bin/sh to bash. This is why it is such a big
problem on Linux, as system(3) will run bash by default from CGI.
2. Web/CGI users should have shell of /sbin/nologin.
3. Don’t write CGI in shell script / Stop using CGI
4. httpd/CGId should never run as root, nor “apache”. Sandbox each
application into its own user.
5. Custom restrictive shells, like scponly, should not be written in bash.
6. SSH authorized_keys/sshd_config forced commands should also not be
written in bash.
For more information the bug itself you can visit arstechnica and read the article by clicking the link below.
Calling all creative PC-BSD users! The developers at PC-BSD would like your help in designing a brand new theme for the PCDM login manager. The winning entry will see their own customized skin as the default theme in the next official release of PC-BSD! In addition, we would like to present the winner and runner-ups with these awesome prizes:
1st Prize: A PC-BSD Isotope T-shirt, PC-BSD stickers, BSD wristbands, plus misc FreeBSD swag items.(Total ARV: $40)
Honorable mentions: PC-BSD schwag package (ARV: $15)
Contest start:11:00am PST on June 19th, 2013
Contest end:11:00am PST on July 8th, 2013
Please submit your entries in an email to the PC-BSD developers mailing list along with your email contact information. The format we require is a *.tar.gz archive containing all the image files as well as *.theme file. Please title the subject heading “Entry for PCDM Theme Contest” in order to be considered.
A sample theme can be found on the PC-BSD GitHub account, with additional information about PCDM theming available on the PC-BSD wiki. General icons should be 128 pixels square or smaller, with background images large enough to be automatically scaled/trimmed to the appropriate screen resolution where possible (for sample purposes consider 1024x768 to be the smallest supported screen resolution).
Have fun everyone, and good luck!
Standard disclaimers apply. iXsystems and PC-BSD team members are encouraged to submit entries, but will not be eligible for prizes. Void where prohibited.
Kris has an article in the May issue of BSD Magazine, demonstrating some of the new features in the 9.1 version of Warden, the jail management GUI in PC-BSD.
The magazine is available for free download here and Kris’ article starts on page 17.
The press release for PC-BSD 9.1 is now available:
iXsystems is pleased to announce the arrival of PC-BSD 9.1 Isotope Edition, the latest release of the secure and user-friendly operating system based on FreeBSD 9.1. Several new components are introduced in PC-BSD 9.1 Isotope including a revamped Warden jail management tool, improved ZFS support, user interface enhancements, and the new server edition of PC-BSD named “TrueOS”.
The biggest change to come from this update is a complete overhaul of PC-BSD’s Warden jail management utility with support for multiple ports jails, meta-packages, Linux jails, and ZFS snapshot management. Advanced users can now enjoy unlimited FreeBSD ports sandboxes thanks to the integration of the Ports Jail utility with the Warden UI. In addition, the integration of the update manager into Warden and support for meta-packages allow users to install the complex programs available on the PC-BSD installation media, e.g., Samba and Apache, in jails. The ability to install Linux distributions, including Debian and Gentoo, in jails opens up new options for virtualization on PC-BSD. All of these functions are available from both the graphical and command line interfaces.
PC-BSD 9.1 improves ZFS support in the installer and throughout the system, adding many new features. The installer simplifies the task of disk layout, including support for ZFS mirror and up to triple-parity software RAID. ZFS users can now use the ‘beadm’ utility to back up the boot environment before an upgrade or major system change and restore it if necessary. In Warden on ZFS, entire jails (including Linux jails) may be cloned and rolled back. These advanced administrative tools help PC-BSD live up to its reputation as a powerful and versatile desktop operating system.
“PC-BSD has made stunning progress and is rapidly becoming the Unix workstation OS we have all been waiting for,” says Michael Dexter, the editor of CallForTesting.org and a long-time BSD lecturer and advocate. “From including ZFS and elegant management tools to being completely GUI-agnostic, PC-BSD embraces and extends FreeBSD in dramatic yet respectful ways and the result is a great desktop experience for not only end users but also administrators and developers.”
Several other improvements continue to ensure that PC-BSD 9.1 remains user-friendly and accessible to everyone. Set-up is easier than ever with the new, simplified installer that requires as few as four clicks for the default installation. The new installer also separates pre-installation and post-installation tasks, allowing OEMs to install the system and leaving final configuration to the end user. An “About” icon has been added to the Control Panel, making it easy to determine the PC-BSD version and which desktops and version of X Window System have been installed. The new release supports KDE 4.9.3 and improves support for wifi and Intel video.
One of PC-BSD 9.1’s most exciting and anticipated new features is the new server installation option. The regular installer now presents the option to install TrueOS, a custom server edition of PC-BSD. TrueOS provides command line versions of PC-BSD utilities (including Warden, Meta-package Manager, and PBI Manager tools) in addition to the base FreeBSD install. It’s an excellent choice for users who want to avoid the overhead of even the lightest-weight window manager but want to take advantage of the powerful tools available in PC-BSD. iXsystems offers Professional Software Support for TrueOS and PC-BSD.
“With the new TrueOS server option, system administrators and enterprise users of Linux will immediately feel more at home being able to install a system with packages such as Bash, Apache, or Samba available out of box,” says Kris Moore, founder and lead developer of the PC-BSD project. “This, coupled with command-line versions of the ‘Warden’ jail management tool, meta-package manager, update manager and others, makes running a BSD-based server easier than ever.”
PC-BSD is a fully functional, user-friendly desktop operating system based on FreeBSD. It runs on the latest FreeBSD version 9.1 with a desktop interface of the user’s choice and graphical system installer. Its PBI system, developed for PC-BSD and also available on FreeBSD, allows users to download and install their applications in a self-extracting and self-installing format.
iXsystems is the all-around FreeBSD company that builds FreeBSD-certified servers and storage solutions, oversees FreeNAS development, and is the corporate sponsor of the PC-BSD Project. iXsystems is an employee-owned and operated, open source-centric, customer focused organization dedicated to providing the highest-quality built-to-order enterprise rackmount server solutions, pre-configured server appliances, and scalable storage solutions to our customers around the globe.
Kris has just announced the availability of 9.1:
The PC-BSD team is pleased to announce that version 9.1 is now available! This release includes many exciting new features and enhancements, such as a vastly improved system installer, ZFS “Boot Environment” support, TrueOS (A FreeBSD based server with additional power-user utilities), and much more!
DVD, USB and Virtual Machine disk images are now available for download.
Highlights for 9.1-Release
- FreeBSD 9.1.
- TrueOS: A new server option with PC-BSD utilities such as the Warden available via the CLI.
- New system installer! Greatly simplified for desktop and server installs.
- Support for ZFS mirror / raidz(1,2,3) during installation.
- Support for SWAP on ZFS, allowing entire disk ZFS installation.
- Support for setting additional ZFS data-set options, such as compression, noexec, etc.
- Warden jail management integrated into system. Allows creating jails via GUI, adding packages and other administration.
- Support for Warden to create Linux Jails
- New “Sound Configuration GUI”
- New “Hardware compatibility” GUI
- First boot setup wizard allows OEM installs to be easily performed.
- New Bluetooth pairing tray / GUI utilities.
- New EasyPBI utility, allows building PBIs via a GUI interface.
- New AppCafe improvements and preferences.
- Improvements to wireless networking utilities.
- Fixed bug causing untranslated strings to show up empty.
- Numerous bug-fixes to PC-BSD related utilities.
- Support for creating PXE boot server for remote desktop and installation.
- ZFS beadm support.
- Improved mirror auto-detection for roaming devices, such as laptops.
- And much more!
Want to help out the PC-BSD project? Found a bug you need to report? You can do so by joining us on our Forums! PC-BSD welcomes new contributors, testers, or simply feedback on how a particular piece of hardware works with BSD.
The 9.1 version of the PC-BSD 9.1 Users Handbook is available in HTML, EPUB, and PDF formats. The PDF version will also be available as an icon on the desktop after a desktop installation.