Dealing with "Shellshock" - patching bash

As everyone hopefully is aware, there's a big vulnerability with bash. Although that will affect a number of different UNIX-derived operating systems, the main target is going to be all those Linux servers out there - even those old ones that you've not touched for years.

For modern systems (Ubuntu 10.04 onwards, Debian 7, CentOS 6 etc.) it's just a case of running one of the following two commands, the first on Debian/Ubuntu and the second on CentOS:

apt-get update ; apt-get install bash

yum install bash

However, for anything older than that you need to do it manually. This isn't as hard as you might think. Depending on your machine you may need to install either bash 4.2 or bash 4.3. I certainly had problems installing bash 4.3 on an old Gentoo VM but found 4.2 installed fine. Here's how I did it. The patching part is current but I may have to update it as bash is repatched!

First of all ensure you are logged in as root (either using su - or sudo -s). Also ensure you have the tools for building source code. You need gcc, patch and make at the very least. Then for 4.3 you run:

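cd /root/
mkdir -p src
cd src
# Fetch the base source, then official patches 001 to 027 (numbering starts at 001)
# A detached .sig is published beside the tarball and each patch; check them with gpg --verify if gpg is available
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
for i in $(seq -f "%03g" 1 27); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
# Apply the patches in order
for i in $(seq -f "%03g" 1 27); do patch -p0 < ../bash43-$i; done
# Keep a copy of the existing shell in case the new build fails
cp /bin/bash /bin/oldbash
./configure --bindir=/bin/ && make && make install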

If bash 4.3 won't compile you can try bash 4.2:

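cd /root/
mkdir -p src
cd src
# Fetch the base source, then official patches 001 to 050 (numbering starts at 001)
wget https://ftp.gnu.org/gnu/bash/bash-4.2.tar.gz
for i in $(seq -f "%03g" 1 50); do wget http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-$i; done
tar -zxvf bash-4.2.tar.gz
cd bash-4.2
# Apply the patches in order
for i in $(seq -f "%03g" 1 50); do patch -p0 < ../bash42-$i; done
# Keep a copy of the existing shell in case the new build fails
cp /bin/bash /bin/oldbash
./configure --bindir=/bin/ && make && make install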

To ensure the install went through, just run bash --version and make sure it comes up with either bash 4.2 or bash 4.3. You can test that it deals with the current bash exploits by running

env var='() {(a)=>\' bash -c "echo date"; cat echo

If you see the date displayed at the bottom of the output you've still got a problem. Double check what you did. If not then you're safe for now...
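The same test wrapped in a script, as an added example that is not part of the original post: it runs the probe in a throwaway directory, so the stray file a vulnerable bash creates does not land wherever you happen to be, and it reports a clear result for each shell. The function name check_shellshock and its exit codes are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_shellshock [SHELL]: 0 = probe had no effect, 1 = still vulnerable,
# 2 = the shell could not be run. SHELL defaults to /bin/bash.
check_shellshock() {
    target=${1:-/bin/bash}
    if [ ! -x "$target" ]; then
        echo "cannot execute $target" >&2
        return 2
    fi
    # A vulnerable bash writes a file called "echo" into the current
    # directory, so run the probe inside a throwaway directory.
    scratch=$(mktemp -d) || return 2
    rc=0
    (
        cd "$scratch" || exit 2
        # The post's test string, unchanged; output is discarded because
        # only the side effect (the stray file) matters here.
        env var='() {(a)=>\' "$target" -c "echo date" >/dev/null 2>&1
        if [ -e echo ]; then exit 1; fi
        exit 0
    ) || rc=$?
    rm -rf "$scratch"
    return "$rc"
}

# Report on the rebuilt shell and on the backup copy the build steps left behind.
for candidate in /bin/bash /bin/oldbash; do
    [ -x "$candidate" ] || continue
    if check_shellshock "$candidate"; then
        echo "$candidate: test file not created, looks patched"
    else
        echo "$candidate: STILL VULNERABLE, recheck the build"
    fi
done
```

The /bin/oldbash backup made during the build is the unpatched binary, so expect it to be reported as vulnerable; remove it or take away its execute bit once the new build is confirmed working.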

By Primitive Designs Last updated: 29 September 2014, 13:08