Skip to content

Instantly share code, notes, and snippets.

@wilkinson

wilkinson/.bashrc

Created September 25, 2014 18:56
Show Gist options
  • Save wilkinson/9fedbacb6917c9cf6e36 to your computer and use it in GitHub Desktop.
Save wilkinson/9fedbacb6917c9cf6e36 to your computer and use it in GitHub Desktop.
Download ZIP
Shellshock check for bashrc
Raw
.bashrc
# To anyone worried about using servers that may not have attentive admins --
# put the following line(s) in your ~/.bashrc to help protect yourself:
env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED"' \
bash --norc -c ':' 2>/dev/null;
# It will print to stdout if and only if your shell is vulnerable, and nothing
# will be printed if your shell has been patched. It will take a little longer
# to launch a new shell slightly, but for some, this may be worth it.
@PenelopeFudd
Copy link

Here, let's include ${BASH}, dedup the list, and add extra quotes for crazy people with whitespace in their filenames:

# Shellshock test 
count=$( (echo ${BASH};which -a bash sh ) | sort -u | wc -l)
for (( a=1 ; $a<=$count; a=$a+1 )); do
  exe="$((echo ${BASH};which -a bash sh ) | sort -u | head -$a | tail -1)"
  env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED in $exe"' "$exe" --norc -c : 2>/dev/null
done
unset count exe a

Note: it turned out to be fiendishly hard to deal with whitespace in $BASH and $PATH.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment