Recompile and install OSX bash from Apple's source code archives with GNU patches applied (to prevent shellshock vulnerability)
```sh
# from https://gist.github.com/JonRowe/8f128cbfca40d61547bc with comments for 2nd patch
# original script author JonRowe, 2nd patch script: rwebler
# recommend running these commands manually from Terminal, requires sudo for install
# you can:
# curl -L _this-url_ | sh
# if you are lazy
mkdir /tmp/bash-fix
cd /tmp/bash-fix
curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
cd bash-92/bash-3.2
# first patch comes from the GNU patch archive over HTTPS
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
# second patch is fetched over plain HTTP from a third-party host; read it before applying
curl http://alblue.bandlem.com/bash32-053.patch | patch -p0
cd ..
xcodebuild
# install: back up the existing binaries, then copy in both rebuilt ones
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
sudo cp -f build/Release/bash /bin
sudo cp -f build/Release/sh /bin
# verify
echo verifying bash is no longer vulnerable - expect 2 errors
env X="() { :;} ; echo still vulnerable" /bin/sh -c "echo not vulnerable - 2 messages above this line"
```
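The verify step above checks only `/bin/sh` and relies on reading the output by eye. The following is an added example, not part of the original gist, that runs the same probe against each replaced binary and returns an exit code a script can act on; the helper names `check_shell` and `check_all` and the marker strings are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the gist): scripted version of its "verify" step.
# check_shell and check_all are hypothetical helper names.

# check_shell PATH
#   prints "not vulnerable" (returns 0), "vulnerable" (returns 1),
#   or "missing" / "inconclusive" (returns 2).
check_shell() {
    shell_path=$1
    marker="still-vulnerable-$$"   # constructed marker, unique per run
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 2
    fi
    # Same probe as the gist: a function definition in the environment
    # followed by a trailing command. A patched shell must not run it.
    out=$(env X="() { :;} ; echo $marker" "$shell_path" -c "echo probe-done" 2>/dev/null) || true
    case $out in
        *"$marker"*)  echo "vulnerable";     return 1 ;;
        *probe-done*) echo "not vulnerable"; return 0 ;;
        *)            echo "inconclusive";   return 2 ;;
    esac
}

# check_all PATH...  -> one result line per shell; returns non-zero if any
# shell is not confirmed as "not vulnerable".
check_all() {
    rc=0
    for s in "$@"; do
        result=$(check_shell "$s") || rc=1
        printf '%s: %s\n' "$s" "$result"
    done
    return $rc
}

# The gist replaces both binaries, so check both.
check_all /bin/sh /bin/bash || echo "at least one shell needs attention"
```

Running it before and after the install, and against the `.old` backups, shows whether the copy step actually replaced what is on disk.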