Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Shellshock check for bashrc
# To anyone worried about using servers that may not have attentive admins --
# put the following line(s) in your ~/.bashrc to help protect yourself:
env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED"' \
bash --norc -c ':' 2>/dev/null;
# It will print to stdout if and only if your shell is vulnerable, and nothing
# will be printed if your shell has been patched. It will take a little longer
# to launch a new shell slightly, but for some, this may be worth it.
@wilkinson

This comment has been minimized.

Copy link
Owner Author

wilkinson commented Sep 25, 2014

To read more about "Shellshock", see the summary here.

@JuanitoMoore

This comment has been minimized.

Copy link

JuanitoMoore commented Sep 25, 2014

Add to the above (To identify which bash has the problem):

... DETECTED in $(which bash)"' \

One might have /usr/local/bin/bash in the path that is fixed, but is using /bin/bash which isn't -- giving one a false sense of security... thus also add the following:

if [ "$(which bash)" != "${BASH}" ]; then
env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED in ${BASH}"'
${BASH} --norc -c ':' 2>/dev/null;
if

Note: Using ${BASH} checks the actual bash used, rather than the bash in your current path..

And it could even be uglier... you aren't using /bin/bash in your shell, but the server is, add:

if [ "/bin/bash" != "${BASH}" ] &&
[ "/bin/bash" != "$(which bash)" ] &&
[ -x /bin/bash ]; then
env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED in /bin/bash"'
/bin/bash --norc -c ':' 2>/dev/null;
fi

@lucc

This comment has been minimized.

Copy link

lucc commented Sep 26, 2014

if you are concerned about different bash versions on the system you might try to catch them all with something like

for exe in `which -a sh bash`; do
  env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED in '$exe'"' \
    $exe --norc -c : 2>/dev/null
done
@PenelopeFudd

This comment has been minimized.

Copy link

PenelopeFudd commented Oct 24, 2014

Here, let's include ${BASH}, dedup the list, and add extra quotes for crazy people with whitespace in their filenames:

# Shellshock test 
count=$( (echo ${BASH};which -a bash sh ) | sort -u | wc -l)
for (( a=1 ; $a<=$count; a=$a+1 )); do
  exe="$((echo ${BASH};which -a bash sh ) | sort -u | head -$a | tail -1)"
  env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED in $exe"' "$exe" --norc -c : 2>/dev/null
done
unset count exe a

Note: it turned out to be fiendishly hard to deal with whitespace in $BASH and $PATH.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.