yath/patch.sh

## patch.sh
#!/bin/sh
URL="https://gist.githubusercontent.com/yath/1c7b8f497b869e9070d5/raw/5fee4133fc11bcb96d07467754fef551aea32160/stripenv.c"
OUT=/usr/local/lib/stripenv
set -e

test_vuln() {
    dir="$(mktemp -d)"
    cd "$dir"
    env ohai='() { echo pwned; }' X='() { (a)=>\' bash -c "echo ohai" > /dev/null 2>&1
    if grep -qw pwned echo 2>/dev/null; then rc=0; else rc=1; fi
    cd "$OLDPWD"
    rm -rf "$dir"
    return "$rc"
}

if ! test_vuln; then
    echo "Not vulnerable, doing nothing"
    exit 0
fi

if [ ! -e "$OUT" ]; then
    echo "Compiling $OUT..."
    source="$(mktemp --suffix=.c)"
    curl "$URL" > "$source"
    gcc -o "$OUT" -fPIC -shared -Wl,-soname,stripenv_ld_preload.so.1 "$source"
    rm -f "$source"
fi

if ! grep -qF "$OUT" /etc/ld.so.preload 2>/dev/null; then
    echo "Adding $OUT to /etc/ld.so.preload..."
    echo "$OUT" >> /etc/ld.so.preload
fi

echo -n "Still vulnerable? "
test_vuln && echo "yes" || echo "no"

## stripenv.c
/* based on https://access.redhat.com/sites/default/files/attachments/bash_ld_preload.c */
/* compile with gcc -o /usr/local/lib/stripenv -fPIC -shared -Wl,-soname,stripenv_ld_preload.so.1 stripenv.c,
 * enable with export LD_PRELOAD=/usr/local/lib/stripenv or put into /etc/ld.so.preload */
/*  - @yath0r */

#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>

static void __attribute__ ((constructor)) strip_env(void);
extern char **environ;

static void strip_env() {
    char *p, *c, *x;
    int i = 0;
    for (p = environ[i]; p; i++) {
        if ((c = strchr(p, '=')) != NULL) {
            x = c+1;
            while (*x && isspace(*x))
                x++;
            if (*x == '(') {
                write(2, "Dropping environment variable ", 30);
                write(2, p, c-p);
                write(2, "\n", 1);
                while (*x)
                    *x++ = '\0';
            }
        }
        p = environ[i];
    }
}
	#!/bin/sh
	URL="https://gist.githubusercontent.com/yath/1c7b8f497b869e9070d5/raw/5fee4133fc11bcb96d07467754fef551aea32160/stripenv.c"
	OUT=/usr/local/lib/stripenv
	set -e

	test_vuln() {
	dir="$(mktemp -d)"
	cd "$dir"
	env ohai='() { echo pwned; }' X='() { (a)=>\' bash -c "echo ohai" > /dev/null 2>&1
	if grep -qw pwned echo 2>/dev/null; then rc=0; else rc=1; fi
	cd "$OLDPWD"
	rm -rf "$dir"
	return "$rc"
	}

	if ! test_vuln; then
	echo "Not vulnerable, doing nothing"
	exit 0
	fi

	if [ ! -e "$OUT" ]; then
	echo "Compiling $OUT..."
	source="$(mktemp --suffix=.c)"
	curl "$URL" > "$source"
	gcc -o "$OUT" -fPIC -shared -Wl,-soname,stripenv_ld_preload.so.1 "$source"
	rm -f "$source"
	fi

	if ! grep -qF "$OUT" /etc/ld.so.preload 2>/dev/null; then
	echo "Adding $OUT to /etc/ld.so.preload..."
	echo "$OUT" >> /etc/ld.so.preload
	fi

	echo -n "Still vulnerable? "
	test_vuln && echo "yes" \|\| echo "no"
	/* based on https://access.redhat.com/sites/default/files/attachments/bash_ld_preload.c */
	/* compile with gcc -o /usr/local/lib/stripenv -fPIC -shared -Wl,-soname,stripenv_ld_preload.so.1 stripenv.c,
	* enable with export LD_PRELOAD=/usr/local/lib/stripenv or put into /etc/ld.so.preload */
	/* - @yath0r */

	#include <sys/types.h>
	#include <stdlib.h>
	#include <string.h>
	#include <ctype.h>
	#include <unistd.h>

	static void __attribute__ ((constructor)) strip_env(void);
	extern char **environ;

	static void strip_env() {
	char p, c, *x;
	int i = 0;
	for (p = environ[i]; p; i++) {
	if ((c = strchr(p, '=')) != NULL) {
	x = c+1;
	while (x && isspace(x))
	x++;
	if (*x == '(') {
	write(2, "Dropping environment variable ", 30);
	write(2, p, c-p);
	write(2, "\n", 1);
	while (*x)
	*x++ = '\0';
	}
	}
	p = environ[i];
	}
	}