Jump to content
Server Maintenance This Week. ×

Shellshock bug and OS X FileMaker Server

xochi

By xochi
in FileMaker Server 13

 Share

This topic is 3484 days old. Please don't post here. Open a new topic instead.

Recommended Posts

xochi Mentor

xochi

Posted
Posted

FileMaker Server uses Apache on OS X, and edits the configuration file ( /private/etc/apache2/httpd.conf ) and enables apache.   This means that if one is running filemaker server, one is (usually) running apache.  The new 'shellshock' bug would seem to be a concern in this situation.

 

I'm running a few OS X servers that have FM Server and Apache running.  I've decided to stop apache this morning until I understand the risks.

 

Background on shellshock : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

Link to comment
Share on other sites
xochi Mentor

xochi

Posted
  • Author
Posted

Hi Lee - the profile doesn't let one choose multiple versions.   I'm running FMS 11 and FMS 13 on different machines.   I believe the vulnerability applies to any version of FMS which uses apache on Mac OS X, which I believe would cover 9, 10, 11, 12, and 13...

Link to comment
Share on other sites
Lee Smith

Lee Smith

Posted
Posted (edited)

 the profile doesn't let one choose multiple versions. 

Your Profile should just reflect your current version!

 

Just provide the other information so we know that you are thinking this is a broader problem other than 13. When you post it in the 13 topics, I have no way of knowing whether or not you just posted in the first topic, or if the question is about 13. We automatically assume that the Profile is correct a long with the other info. 

 

Also, why did you pick the General Topic over one of the Server Topics?

 

I’m on my way out to meet with a client, I will pick this up later today.

Edited by Lee Smith
Rewrote the Reply.
Link to comment
Share on other sites
xochi Mentor

xochi

Posted
  • Author
Posted

The right thing to do would be to turn off the server / apache functions until Apple releases an update.  Many of us can't wait that long.

 

What I did:

* shut down the server and think about it

* found a bash fix which I trusted - recompiled it and installed it.  For example : 

  http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an

* restarted servers

Link to comment
Share on other sites
Dave Carmean Apprentice

Dave Carmean

Posted
Posted

Thank you Xochi!  I followed the instructions in your link (apple stackexchange) for our Filemaker 11 server on mountain lion (client, not server).  No problems.  

 

Update- I install the bash fix Friday night but did not restart the server until Monday morning.  The bash fix does not require restarting the system, but the system logs will include some errors as the signature of the new bash does not correspond to the record until after a restart.  And I always need to restart the web server [sudo apachectl graceful] after restarting the system.

Link to comment
Share on other sites
  • 2 weeks later...

This topic is 3484 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept