Skip to content
/ bash-fix Public

Download and compile a new version of bash to replace vulnerable one

42 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tjluoma/bash-fix

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
README.md
README.md
 
 
bash-fix.sh
bash-fix.sh
 
 

Repository files navigation

bash-fix

Summary

Download and compile a new version of bash to replace vulnerable one.

Derived from Alex Blewitt’s original which I first saw when he posted it on the Apple StackExchange site.

“Didn’t Apple fix this?”

On 30 September 2014 Apple made official patches available for the following versions of OS X:

Apple’s fixed bash is GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13).

As I understand it, that solved the remotely exploitable part of the shellshock vulnerability. So if that’s all you are worried about, you should be safe after applying the appropriate update from Apple.

However, other problems are still being found and patched.

If you are a regular Mac user and aren’t running a Mac server, you probably don’t need to worry about anything beyond Apple’s official fix.

However, I do run a Mac server (at the awesome MacMiniColo) and wanted to keep my version of bash “more current” so I installed Apple’s fix and then re-ran this script.

I will continue to update this script as I learn of more vulnerabilities. Pull requests for new official patches are always welcome. Thanks to those who have already contributed, including Rosyna Keller via Twitter.

Disclaimer

As always, YMMV, and use entirely at your own risk.

No warranty expressed or implied for any suitability for any purpose.

If something breaks, you own both pieces and all of the responsibility, and so on.

How To Install/Use

  1. Install Xcode if it is not already installed.

  2. Launch Terminal.app (or iTerm)

  3. If this is your first time using Xcode’s command line tools, you will have to agree to the terms and conditions by using

    sudo xcodebuild -license

  4. Run this command

    curl -sL http://luo.ma/bash-fix.sh | zsh -f

    That’s just a short URL for https://raw.githubusercontent.com/tjluoma/bash-fix/master/bash-fix.sh but if you would rather not use the short URL, use this instead:

    curl -s https://raw.githubusercontent.com/tjluoma/bash-fix/master/bash-fix.sh | zsh -f

  5. Follow prompts

When you are done, bash --version should report itself as:

GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin13)

(or possibly later, if more patches have been added and I forgot to update the README.)

Troubleshooting:

Error: “build/Release/bash does not exist.”

Fix: Enter sudo xcodebuild -license into Terminal, read and agree to terms, and then re-run the script.

About

Download and compile a new version of bash to replace vulnerable one

Resources

Readme
Activity

Stars

42 stars

Watchers

6 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages