Skip to content

Instantly share code, notes, and snippets.

@yath

yath/patch.sh

Last active Aug 29, 2015
Embed
What would you like to do?
#!/bin/sh
URL="https://gist.githubusercontent.com/yath/1c7b8f497b869e9070d5/raw/5fee4133fc11bcb96d07467754fef551aea32160/stripenv.c"
OUT=/usr/local/lib/stripenv
set -e
test_vuln() {
dir="$(mktemp -d)"
cd "$dir"
env ohai='() { echo pwned; }' X='() { (a)=>\' bash -c "echo ohai" > /dev/null 2>&1
if grep -qw pwned echo 2>/dev/null; then rc=0; else rc=1; fi
cd "$OLDPWD"
rm -rf "$dir"
return "$rc"
}
if ! test_vuln; then
echo "Not vulnerable, doing nothing"
exit 0
fi
if [ ! -e "$OUT" ]; then
echo "Compiling $OUT..."
source="$(mktemp --suffix=.c)"
curl "$URL" > "$source"
gcc -o "$OUT" -fPIC -shared -Wl,-soname,stripenv_ld_preload.so.1 "$source"
rm -f "$source"
fi
if ! grep -qF "$OUT" /etc/ld.so.preload 2>/dev/null; then
echo "Adding $OUT to /etc/ld.so.preload..."
echo "$OUT" >> /etc/ld.so.preload
fi
echo -n "Still vulnerable? "
test_vuln && echo "yes" || echo "no"
/* based on https://access.redhat.com/sites/default/files/attachments/bash_ld_preload.c */
/* compile with gcc -o /usr/local/lib/stripenv -fPIC -shared -Wl,-soname,stripenv_ld_preload.so.1 stripenv.c,
* enable with export LD_PRELOAD=/usr/local/lib/stripenv or put into /etc/ld.so.preload */
/* - @yath0r */
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
static void __attribute__ ((constructor)) strip_env(void);
extern char **environ;
static void strip_env() {
char *p, *c, *x;
int i = 0;
for (p = environ[i]; p; i++) {
if ((c = strchr(p, '=')) != NULL) {
x = c+1;
while (*x && isspace(*x))
x++;
if (*x == '(') {
write(2, "Dropping environment variable ", 30);
write(2, p, c-p);
write(2, "\n", 1);
while (*x)
*x++ = '\0';
}
}
p = environ[i];
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.