bash-fix

Summary

Download and compile a new version of bash to replace the vulnerable one.

Derived from Alex Blewitt’s original which I first saw when he posted it on the Apple StackExchange site.

“Didn’t Apple fix this?”

On 30 September 2014 Apple made official patches available for the following versions of OS X:

Apple’s fixed bash is GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13).

As I understand it, that solved the remotely exploitable part of the shellshock vulnerability. So if that’s all you are worried about, you should be safe after applying the appropriate update from Apple.

However, other problems are still being found and patched.

If you are a regular Mac user and aren’t running a Mac server, you probably don’t need to worry about anything beyond Apple’s official fix.

However, I do run a Mac server (at the awesome MacMiniColo) and wanted to keep my version of bash “more current” so I installed Apple’s fix and then re-ran this script.

I will continue to update this script as I learn of more vulnerabilities. Pull requests for new official patches are always welcome. Thanks to those who have already contributed, including Rosyna Keller via Twitter.

Disclaimer

As always, YMMV, and use entirely at your own risk.

No warranty expressed or implied for any suitability for any purpose.

If something breaks, you own both pieces and all of the responsibility, and so on.

How To Install/Use

  1. Install Xcode if it is not already installed.

  2. Launch Terminal.app (or iTerm)

  3. If this is your first time using Xcode’s command line tools, you will have to agree to the terms and conditions by using:

    sudo xcodebuild -license

  4. Run this command:

    curl -sL http://luo.ma/bash-fix.sh | zsh -f
    

    That’s just a short URL for https://raw.githubusercontent.com/tjluoma/bash-fix/master/bash-fix.sh. If you would rather not use the short URL (which is requested over plain HTTP), use the direct HTTPS URL instead:

    curl -s https://raw.githubusercontent.com/tjluoma/bash-fix/master/bash-fix.sh | zsh -f
    
  5. Follow prompts

When you are done, bash --version should report itself as:

    GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin13)

(or possibly later, if more patches have been added and I forgot to update the README.)
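One way to confirm the result after the install, as an added example that is not part of bash-fix.sh: the functions below (hypothetical names) parse a `bash --version` banner and compare it numerically with the 3.2.57 patch level this README expects, so a later release also passes.

```shell
#!/bin/sh
# Added example (not part of bash-fix.sh): check a `bash --version` banner
# against the patch level this README says to expect after the install.

MIN_VERSION="3.2.57"   # taken from the README's expected output

# Print "major.minor.patch" from the first line of a bash version banner.
# Prints nothing when the text is not a GNU bash banner.
bash_version_triplet() {
    printf '%s\n' "$1" |
        sed -n '1s/^GNU bash, version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when dotted version $1 >= dotted version $2 (numeric, per field).
version_at_least() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # split both versions into six positional fields
    IFS=$old_ifs
    [ $# -eq 6 ] || return 2
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# 0 = at or above MIN_VERSION, 1 = below it, 2 = banner not recognised.
check_banner() {
    found=$(bash_version_triplet "$1")
    [ -n "$found" ] || return 2
    version_at_least "$found" "$MIN_VERSION"
}

# The two banners quoted in this README: Apple's 30 September 2014 fix and
# the expected result of running the script.
for banner in \
    'GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)' \
    'GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin13)'
do
    if check_banner "$banner"; then verdict="at or above"; else verdict="below"; fi
    printf '%s\n  -> %s %s\n' "$banner" "$verdict" "$MIN_VERSION"
done
```

To check the shell that is actually installed, pass the live banner: `check_banner "$(bash --version)"`.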

Troubleshooting:

Error: “build/Release/bash does not exist.”

Fix: Enter sudo xcodebuild -license into Terminal, read and agree to terms, and then re-run the script.