{"id":847,"date":"2014-10-08T09:52:55","date_gmt":"2014-10-08T08:52:55","guid":{"rendered":"http:\/\/www.floyd.ch\/?p=847"},"modified":"2023-05-31T08:05:15","modified_gmt":"2023-05-31T07:05:15","slug":"shellshock","status":"publish","type":"post","link":"https:\/\/www.floyd.ch\/?p=847","title":{"rendered":"Shellshock fix &#8211; bash compiling for OSX"},"content":{"rendered":"<p>By now probably all of you have <a href=\"http:\/\/lcamtuf.blogspot.com\/2014\/09\/bash-bug-apply-unofficial-patch-now.html\" title=\"lcamtuf shellshock\" target=\"_blank\" rel=\"noopener\">heard<\/a> of the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Shellshock_%28software_bug%29\" target=\"_blank\" rel=\"noopener\">shellshock<\/a> vulnerability. Just as a small heads-up, I wasn&#8217;t able to compile the bash version 4.3 on Mac OSX as the last few patches simply don&#8217;t work for me. But here&#8217;s how you can compile, test and install version 4.2 on your OSX:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n#adapted from an original post (that was deleted) from http:\/\/www.linus-neumann.de\/2014\/09\/26\/clean-your-mac-from-shellshock-by-updating-bash\/\r\n\r\nPATCH_COMMAND=patch\r\n#No better results with gnu-patch from mac ports -&gt; \/opt\/local\/bin\/gpatch\r\n\r\n\r\n#VERSION_TO_COMPILE=4.1\r\n#VERSION_TO_COMPILE_NO_DOT=41\r\n#VERSION_NUMBER_OF_PATCHES=17\r\n\r\nVERSION_TO_COMPILE=4.2\r\nVERSION_TO_COMPILE_NO_DOT=42\r\nVERSION_NUMBER_OF_PATCHES=53\r\n\r\n#patches starting from 029 don't work for me in version 4.3\r\n#VERSION_TO_COMPILE=4.3\r\n#VERSION_TO_COMPILE_NO_DOT=43\r\n#VERSION_NUMBER_OF_PATCHES=30\r\n\r\n\r\necho &quot;* Downloading bash source code&quot;\r\nwget --quiet http:\/\/ftpmirror.gnu.org\/bash\/bash-$VERSION_TO_COMPILE.tar.gz\r\ntar xzf bash-$VERSION_TO_COMPILE.tar.gz \r\ncd bash-$VERSION_TO_COMPILE\r\n\r\necho &quot;* Downloading and applying all patches&quot;\r\nfor i in $(seq -f &quot;%03g&quot; 1 $VERSION_NUMBER_OF_PATCHES); do\r\n   echo 
&quot;Downloading and applying patch number $i for bash-$VERSION_TO_COMPILE&quot;\r\n   wget --quiet http:\/\/ftp.gnu.org\/pub\/gnu\/bash\/bash-$VERSION_TO_COMPILE-patches\/bash$VERSION_TO_COMPILE_NO_DOT-$i\r\n   $PATCH_COMMAND -p0 &lt; bash$VERSION_TO_COMPILE_NO_DOT-$i\r\n   #sleep 0.5\r\ndone\r\n\r\necho &quot;* configuring and building bash binary&quot;\r\nsleep 1\r\n.\/configure\r\nmake\r\n\r\necho &quot;* writing bash test script&quot;\r\n#The following script will only work when your cwd has the bash binary,\r\n#so you can execute .\/bash\r\n#mostly taken from shellshocker.net:\r\n#the delimiter is quoted so that $x and $($()) are written to the test file unexpanded\r\ncat &lt;&lt; 'EOF' &gt; \/tmp\/tmp-bash-test-file.sh\r\n    #CVE-2014-6271\r\n    echo &quot;* If the following lines contain the word 'vulnerable' your bash is not fixed:&quot;\r\n    env x='() { :;}; echo vulnerable' .\/bash -c &quot;echo no worries so far&quot;\r\n    #CVE-2014-7169\r\n    echo &quot;* If the following lines print the actual date rather than the string 'date' you are vulnerable:&quot;\r\n    env X='() { ()=&gt;\\' .\/bash -c &quot;echo date&quot;; cat echo;\r\n    #unknown\r\n    echo &quot;* If the following lines contain the word 'vulnerable' your bash is not fixed:&quot;\r\n    env X=' () { }; echo vulnerable' .\/bash -c 'echo no worries so far'\r\n    #CVE-2014-7186\r\n    echo &quot;* If the following lines contain the word 'vulnerable' your bash is not fixed:&quot;\r\n    .\/bash -c 'true &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF &lt;&lt;EOF' || echo &quot;vulnerable CVE-2014-7186 , redir_stack&quot;\r\n    #CVE-2014-7187\r\n    echo &quot;* If the following lines contain the word 'vulnerable' your bash is not fixed:&quot;\r\n    (for x in {1..200} ; do echo &quot;for x$x in ; do :&quot;; done; for x in {1..200} ; do echo done ; done) | .\/bash || echo &quot;vulnerable CVE-2014-7187 , word_lineno&quot;\r\n    #CVE-2014-6278\r\n    echo &quot;* If 
the following lines contain the word 'vulnerable' your bash is not fixed:&quot;\r\n    shellshocker='() { echo vulnerable; }' .\/bash -c shellshocker\r\n    #CVE-2014-6277\r\n    echo &quot;* If the following lines contain the word 'vulnerable' your bash is not fixed:&quot;\r\n    .\/bash -c &quot;f() { x() { _;}; x() { _;} &lt;&lt;a; }&quot; 2&gt;\/dev\/null || echo vulnerable\r\n    #more tests, probably often testing the same as above, but better safe than sorry\r\n    echo &quot;* If the following lines contain the word 'vulnerable' your bash is not fixed:&quot;\r\n    env X='() { _; } &gt;_&#x5B;$($())] { echo vulnerable; }' .\/bash -c : \r\n    echo &quot;* If the following lines contain the word 'vulnerable' your bash is not fixed:&quot;\r\n    foo='() { echo vulnerable; }' .\/bash -c foo\r\nEOF\r\n\r\necho &quot;&quot;\r\necho &quot;* Starting a new bash process to check for vulnerabilities&quot;\r\necho &quot;&quot;\r\nsleep 1\r\n.\/bash \/tmp\/tmp-bash-test-file.sh\r\n\r\necho &quot;&quot;\r\necho &quot;* If the compiled bash binary is not vulnerable, you want to install that binary in your system:&quot;\r\necho &quot;cd bash-$VERSION_TO_COMPILE&quot;\r\necho &quot;sudo make install&quot;\r\necho &quot;sudo mv \/bin\/bash \/bin\/old_vulnerable_bash &amp;&amp; sudo ln \/usr\/local\/bin\/bash \/bin\/bash&quot;\r\n<\/pre>\n<p>cheers,<br \/>\nfloyd<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By now probably all of you have heard of the shellshock vulnerability. Just as a small heads-up, I wasn&#8217;t able to compile the bash version 4.3 on Mac OSX as the last few patches simply don&#8217;t work for me. 
But here&#8217;s &hellip; <a href=\"https:\/\/www.floyd.ch\/?p=847\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19,33],"tags":[144,45,143,26,145,142],"class_list":["post-847","post","type-post","status-publish","format-standard","hentry","category-useful-scripts","category-various","tag-apple","tag-bash","tag-fix","tag-mac","tag-osx","tag-shellshock"],"_links":{"self":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=847"}],"version-history":[{"count":9,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/847\/revisions"}],"predecessor-version":[{"id":851,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/847\/revisions\/851"}],"wp:attachment":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=847"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=847"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}