Last active
June 28, 2016 20:26
-
-
Save JonRowe/8f128cbfca40d61547bc to your computer and use it in GitHub Desktop.
Recompile bash to prevent ShellShock, see http://alblue.bandlem.com/2014/09/bash-remote-vulnerability.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir bash-fix | |
| cd bash-fix | |
| curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf - | |
| cd bash-92/bash-3.2 | |
| curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0 | |
| curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0 | |
| cd .. | |
| xcodebuild | |
| sudo cp /bin/bash /bin/bash.old | |
| sudo cp /bin/sh /bin/sh.old | |
| build/Release/bash --version # GNU bash, version 3.2.53(1)-release | |
| build/Release/sh --version # GNU bash, version 3.2.53(1)-release | |
| sudo cp build/Release/bash /bin | |
| sudo cp build/Release/sh /bin |
Author
@jonowe What are the steps for second patch
Get them here: http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an
If you'd already applied the fixes above, do:
cd bash-fix/bash-92/bash-3.2
curl http://alblue.bandlem.com/bash32-053.patch | patch -p0
cd ..
xcodebuild
sudo cp -f build/Release/sh /bin
sudo cp -f build/Release/sh /bin
Author
Now updated to use the official gnu patch.
Thanks for this π
ππ―
Thanks indeed, compiled and applied no sweat.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Still needs the second patch for the second vulnerability, see: http://seclists.org/oss-sec/2014/q3/702