Skip to content

Instantly share code, notes, and snippets.

@cfeduke
Last active Aug 29, 2015
Embed
What would you like to do?
Recompile and install OSX bash from Apple's source code archives with GNU patches applied (to prevent shellshock vulnerability)
# from https://gist.github.com/JonRowe/8f128cbfca40d61547bc with comments for 2nd patch
# original script author JonRow, 2nd patch script: rwebler
# recommend running these commands manually from Terminal, requires sudo for install
# you can:
# curl -L _this-url_ | sh
# if you are lazy
mkdir /tmp/bash-fix
cd cd /tmp/bash-fix
curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
cd bash-92/bash-3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
curl http://alblue.bandlem.com/bash32-053.patch | patch -p0
cd ..
xcodebuild
# install
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
sudo cp -f build/Release/sh /bin
sudo cp -f build/Release/sh /bin
# verify
echo verifying bash is no longer vulnerable - expect 2 errors
env X="() { :;} ; echo still vulnerable" /bin/sh -c "echo not vulnerable - 2 messages above this line"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment