Skip to content

Instantly share code, notes, and snippets.

@cfeduke
Last active August 29, 2015 14:06
Show Gist options
  • Save cfeduke/9fbc48db54feb79c9108 to your computer and use it in GitHub Desktop.
Save cfeduke/9fbc48db54feb79c9108 to your computer and use it in GitHub Desktop.
Recompile and install OSX bash from Apple's source code archives with GNU patches applied (to prevent shellshock vulnerability)
# from https://gist.github.com/JonRowe/8f128cbfca40d61547bc with comments for 2nd patch
# original script author JonRow, 2nd patch script: rwebler
# recommend running these commands manually from Terminal, requires sudo for install
# you can:
# curl -L _this-url_ | sh
# if you are lazy
mkdir /tmp/bash-fix
cd cd /tmp/bash-fix
curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -
cd bash-92/bash-3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
curl http://alblue.bandlem.com/bash32-053.patch | patch -p0
cd ..
xcodebuild
# install
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
sudo cp -f build/Release/sh /bin
sudo cp -f build/Release/sh /bin
# verify
echo verifying bash is no longer vulnerable - expect 2 errors
env X="() { :;} ; echo still vulnerable" /bin/sh -c "echo not vulnerable - 2 messages above this line"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment