@chrisfu
Created September 26, 2014 16:40
Update bash on old unsupported Debian variants
# inspired by http://askubuntu.com/a/528171
# prerequisites
sudo apt-get install bison flex make patch gcc byacc
# get bash 3.2 source (GNU publishes a detached signature, bash-3.2.tar.gz.sig, next to the tarball)
mkdir src && cd src
wget http://ftp.gnu.org/gnu/bash/bash-3.2.tar.gz
tar zxvf bash-3.2.tar.gz
cd bash-3.2
# download and apply all patches, including the latest one that patches CVE-2014-6271
for i in $(seq -f "%03g" 1 52); do
    wget -nv http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-$i
    patch -p0 < bash32-$i
done
# grab a patch that fixes CVE-2014-7169
wget -nv http://seclists.org/oss-sec/2014/q3/att-734/bash32-053.bin -O bash32-053
patch -p0 < bash32-053
# compile and install to /usr/local/bin/bash
./configure && make
sudo make install
# point /bin/bash to the new binary
sudo mv /bin/bash /bin/bash.old
sudo ln -s /usr/local/bin/bash /bin/bash
# test for CVE-2014-6271 by comparing the output of the following commands
env x='() { :;}; echo vulnerable' /bin/bash.old -c echo
env x='() { :;}; echo vulnerable' bash -c echo
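
The manual comparison above can be scripted so that every bash binary left on the system is checked, including the /bin/bash.old copy that the steps above keep in place. This is an added example, not part of the original gist; the function names check_bash and audit_bash and the probe string are assumptions made for the example. It covers only the CVE-2014-6271 test shown above.

```shell
#!/bin/sh
# Added example (not from the gist): automate the gist's CVE-2014-6271 test.
# check_bash and audit_bash are hypothetical names chosen for this example.

# check_bash PATH
#   returns 0 = not vulnerable, 1 = vulnerable, 2 = missing or not a usable shell
check_bash() {
    local bin out
    bin=$1
    [ -x "$bin" ] || return 2
    # env -i starts from an empty environment, so the only variable the shell
    # imports is the function-style value used by the gist's test.
    out=$(env -i x='() { :;}; echo vulnerable' "$bin" -c 'echo probe' 2>/dev/null) || true
    case $out in
        *vulnerable*) return 1 ;;   # trailing command ran during import
        *probe*)      return 0 ;;   # only the requested command ran
        *)            return 2 ;;   # binary did not behave like a shell
    esac
}

# audit_bash PATH...
#   prints one line per binary; returns 1 if any binary is vulnerable
audit_bash() {
    local bin rc worst
    worst=0
    for bin in "$@"; do
        check_bash "$bin" && rc=0 || rc=$?
        case $rc in
            0) echo "OK          $bin" ;;
            1) echo "VULNERABLE  $bin"; worst=1 ;;
            *) echo "SKIPPED     $bin (missing or not a usable shell)" ;;
        esac
    done
    return $worst
}

# When paths are given on the command line, audit them, for example:
#   sh check.sh /bin/bash /bin/bash.old /usr/local/bin/bash
if [ "$#" -gt 0 ]; then
    audit_bash "$@"
fi
```

A VULNERABLE line for /bin/bash.old is expected after following the steps above; any script or service that still invokes that path directly remains exposed until the file is removed or made non-executable.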