Skip to content

Instantly share code, notes, and snippets.

Last active Aug 29, 2015
What would you like to do?
Recompile and install OSX bash from Apple's source code archives with GNU patches applied (to prevent shellshock vulnerability)
# from with comments for 2nd patch
# original script author JonRow, 2nd patch script: rwebler
# recommend running these commands manually from Terminal, requires sudo for install
# you can:
# curl -L _this-url_ | sh
# if you are lazy
mkdir /tmp/bash-fix
cd cd /tmp/bash-fix
curl | tar zxf -
cd bash-92/bash-3.2
curl | patch -p0
curl | patch -p0
cd ..
# install
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
sudo cp -f build/Release/sh /bin
sudo cp -f build/Release/sh /bin
# verify
echo verifying bash is no longer vulnerable - expect 2 errors
env X="() { :;} ; echo still vulnerable" /bin/sh -c "echo not vulnerable - 2 messages above this line"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment