xochi Posted September 25, 2014 Posted September 25, 2014 FileMaker Server uses Apache on OS X, and edits the configuration file ( /private/etc/apache2/httpd.conf ) and enables apache. This means that if one is running filemaker server, one is (usually) running apache. The new 'shellshock' bug would seem to be a concern in this situation. I'm running a few OS X servers that have FM Server and Apache running. I've decided to stop apache this morning until I understand the risks. Background on shellshock : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Lee Smith Posted September 25, 2014 Posted September 25, 2014 Is your FileMaker version 13 or 11? If 13, then please upgrade your Profile to show your current Version of FileMaker, OS and Platform. Here a quick link to your profile. MY PROFILE
xochi Posted September 25, 2014 Author Posted September 25, 2014 Hi Lee - the profile doesn't let one choose multiple versions. I'm running FMS 11 and FMS 13 on different machines. I believe the vulnerability applies to any version of FMS which uses apache on Mac OS X, which I believe would cover 9, 10, 11, 12, and 13...
Lee Smith Posted September 25, 2014 Posted September 25, 2014 (edited) the profile doesn't let one choose multiple versions. Your Profile should just reflect your current version! Just provide the other information so we know that you are thinking this is a broader problem other than 13. When you post it in the 13 topics, I have no way of knowing whether or not you just posted in the first topic, or if the question is about 13. We automatically assume that the Profile is correct a long with the other info. Also, why did you pick the General Topic over one of the Server Topics? I’m on my way out to meet with a client, I will pick this up later today. Edited September 26, 2014 by Lee Smith Rewrote the Reply.
xochi Posted September 27, 2014 Author Posted September 27, 2014 The right thing to do would be to turn off the server / apache functions until Apple releases an update. Many of us can't wait that long. What I did: * shut down the server and think about it * found a bash fix which I trusted - recompiled it and installed it. For example : http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an * restarted servers
Dave Carmean Posted September 27, 2014 Posted September 27, 2014 Thank you Xochi! I followed the instructions in your link (apple stackexchange) for our Filemaker 11 server on mountain lion (client, not server). No problems. Update- I install the bash fix Friday night but did not restart the server until Monday morning. The bash fix does not require restarting the system, but the system logs will include some errors as the signature of the new bash does not correspond to the record until after a restart. And I always need to restart the web server [sudo apachectl graceful] after restarting the system.
cbum Posted September 30, 2014 Posted September 30, 2014 Apple just released a patch for 10.7 - 10.9. I still need one for 10.6 ....
Richard Fincher Posted October 12, 2014 Posted October 12, 2014 On some of my older Linux boxes, I had to recompile bash from source. This isn't going to be easy on a mac, as you'd need a c compiler first (like the one which comes with XCode) it is doable though.
Recommended Posts
This topic is 3693 days old. Please don't post here. Open a new topic instead.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now