Skip to content

Instantly share code, notes, and snippets.

Last active Aug 29, 2015
What would you like to do?
set -e
test_vuln() {
dir="$(mktemp -d)"
cd "$dir"
env ohai='() { echo pwned; }' X='() { (a)=>\' bash -c "echo ohai" > /dev/null 2>&1
if grep -qw pwned echo 2>/dev/null; then rc=0; else rc=1; fi
cd "$OLDPWD"
rm -rf "$dir"
return "$rc"
if ! test_vuln; then
echo "Not vulnerable, doing nothing"
exit 0
if [ ! -e "$OUT" ]; then
echo "Compiling $OUT..."
source="$(mktemp --suffix=.c)"
curl "$URL" > "$source"
gcc -o "$OUT" -fPIC -shared -Wl,-soname, "$source"
rm -f "$source"
if ! grep -qF "$OUT" /etc/ 2>/dev/null; then
echo "Adding $OUT to /etc/"
echo "$OUT" >> /etc/
echo -n "Still vulnerable? "
test_vuln && echo "yes" || echo "no"
/* based on */
/* compile with gcc -o /usr/local/lib/stripenv -fPIC -shared -Wl,-soname, stripenv.c,
* enable with export LD_PRELOAD=/usr/local/lib/stripenv or put into /etc/ */
/* - @yath0r */
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
static void __attribute__ ((constructor)) strip_env(void);
extern char **environ;
static void strip_env() {
char *p, *c, *x;
int i = 0;
for (p = environ[i]; p; i++) {
if ((c = strchr(p, '=')) != NULL) {
x = c+1;
while (*x && isspace(*x))
if (*x == '(') {
write(2, "Dropping environment variable ", 30);
write(2, p, c-p);
write(2, "\n", 1);
while (*x)
*x++ = '\0';
p = environ[i];
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment