Last active
August 29, 2015 14:06
-
-
Save yath/1c7b8f497b869e9070d5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
URL="https://gist.githubusercontent.com/yath/1c7b8f497b869e9070d5/raw/5fee4133fc11bcb96d07467754fef551aea32160/stripenv.c" | |
OUT=/usr/local/lib/stripenv | |
set -e | |
test_vuln() { | |
dir="$(mktemp -d)" | |
cd "$dir" | |
env ohai='() { echo pwned; }' X='() { (a)=>\' bash -c "echo ohai" > /dev/null 2>&1 | |
if grep -qw pwned echo 2>/dev/null; then rc=0; else rc=1; fi | |
cd "$OLDPWD" | |
rm -rf "$dir" | |
return "$rc" | |
} | |
if ! test_vuln; then | |
echo "Not vulnerable, doing nothing" | |
exit 0 | |
fi | |
if [ ! -e "$OUT" ]; then | |
echo "Compiling $OUT..." | |
source="$(mktemp --suffix=.c)" | |
curl "$URL" > "$source" | |
gcc -o "$OUT" -fPIC -shared -Wl,-soname,stripenv_ld_preload.so.1 "$source" | |
rm -f "$source" | |
fi | |
if ! grep -qF "$OUT" /etc/ld.so.preload 2>/dev/null; then | |
echo "Adding $OUT to /etc/ld.so.preload..." | |
echo "$OUT" >> /etc/ld.so.preload | |
fi | |
echo -n "Still vulnerable? " | |
test_vuln && echo "yes" || echo "no" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* based on https://access.redhat.com/sites/default/files/attachments/bash_ld_preload.c */ | |
/* compile with gcc -o /usr/local/lib/stripenv -fPIC -shared -Wl,-soname,stripenv_ld_preload.so.1 stripenv.c, | |
* enable with export LD_PRELOAD=/usr/local/lib/stripenv or put into /etc/ld.so.preload */ | |
/* - @yath0r */ | |
#include <sys/types.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <ctype.h> | |
#include <unistd.h> | |
static void __attribute__ ((constructor)) strip_env(void); | |
extern char **environ; | |
static void strip_env() { | |
char *p, *c, *x; | |
int i = 0; | |
for (p = environ[i]; p; i++) { | |
if ((c = strchr(p, '=')) != NULL) { | |
x = c+1; | |
while (*x && isspace(*x)) | |
x++; | |
if (*x == '(') { | |
write(2, "Dropping environment variable ", 30); | |
write(2, p, c-p); | |
write(2, "\n", 1); | |
while (*x) | |
*x++ = '\0'; | |
} | |
} | |
p = environ[i]; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment