Build this and then copy the real bash to /bin/bash_real. Copy the built safe_bash to /bin/bash.
Contact me if you want the whole xcode project.
Source is:
//
// main.c
// safe_bash
//
// Created by Paul Nelson on 9/25/14.
// Copyright (c) 2014 Paul Nelson. All rights reserved.
//
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <paths.h>
#include <fcntl.h>
#include <time.h>
#include <sys/types.h>
#include <sys/stat.h>
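/*
 * Append one rejected environment entry to /var/log/safe_bash.
 *
 * Logging is best effort: if the log cannot be opened or written, the entry
 * is still dropped by the caller and bash is still started.
 *
 * NOTE(review): the log is created mode 0666, presumably so the wrapper can
 * append no matter which user runs it. That also lets any local user edit or
 * truncate it, so it should not be relied on as an audit trail.
 * NOTE(review): `entry` is attacker-controlled and is written verbatim
 * (embedded newlines included); treat the log contents as untrusted input
 * when viewing or parsing them.
 */
static void log_offending_entry(const char *entry)
{
    static const char log_path[] = "/var/log/safe_bash";

    int errlog = open(log_path, O_WRONLY | O_APPEND | O_EXLOCK);
    if (errlog < 0) {
        /*
         * O_CREAT needs an explicit mode argument; without it the mode is
         * read from an indeterminate value. O_APPEND is kept on this path as
         * well, so that writes from other processes are never overwritten.
         */
        errlog = open(log_path, O_WRONLY | O_APPEND | O_CREAT | O_EXLOCK, 0666);
        if (errlog >= 0)
            fchmod(errlog, 0666);   /* override the caller's umask */
    }
    if (errlog < 0)
        return;

    char timebuf[256];
    time_t tnow;
    time(&tnow);
    if (!ctime_r(&tnow, timebuf))
        timebuf[0] = '\0';          /* no timestamp rather than garbage */

    /* ctime_r ends its output with '\n'; turn it into a separator. */
    char *makespace = strchr(timebuf, '\n');
    if (makespace)
        *makespace = ' ';
    strlcat(timebuf, "safe_bash offending environment:\n", sizeof(timebuf));

    /* Best effort: write errors are deliberately ignored. */
    write(errlog, timebuf, strlen(timebuf));
    write(errlog, entry, strlen(entry));
    write(errlog, "\n\n", 2);
    close(errlog);
}

/*
 * safe_bash: wrapper installed as /bin/bash in front of the real shell.
 *
 * Builds a copy of the environment that omits every variable whose value
 * begins with "()" (the marker for a function definition passed through the
 * environment), logs each omitted entry, and then executes /bin/bash_real
 * with the original argv and the filtered environment. Entries that contain
 * no '=' are dropped as well.
 *
 * This is a stop-gap filter, not a fix for the shell: it also removes
 * legitimately exported functions, and it only inspects the first two bytes
 * of each value.
 *
 * Returns 1 if the environment copy cannot be allocated and 127 if
 * /bin/bash_real cannot be executed; on success execve() does not return.
 */
int main(int argc, char * const argv[], char * const env[])
{
    (void)argc;

    /* Count the entries so the filtered copy can be sized up front. */
    size_t count = 0;
    for (char * const *envp = env; *envp; envp++)
        count++;

    /* One extra slot for the terminating NULL; calloc zero-fills. */
    char **newenv = calloc(count + 1, sizeof *newenv);
    if (!newenv)
        return 1;

    size_t kept = 0;
    for (char * const *envp = env; *envp; envp++) {
        const char *entry = *envp;
        const char *equal = strchr(entry, '=');
        if (!equal)
            continue;

        /* equal[1] is at worst the NUL terminator, so equal[2] is only
         * read when equal[1] is '(' and is therefore inside the string. */
        if (equal[1] == '(' && equal[2] == ')') {
            log_offending_entry(entry);
            continue;
        }
        newenv[kept++] = (char *)entry;
    }
    newenv[kept] = NULL;

    execve("/bin/bash_real", argv, newenv);

    /*
     * Only reached when execve() failed. Report it and exit non-zero so a
     * missing or broken /bin/bash_real is not mistaken for a successful run.
     */
    perror("safe_bash: execve /bin/bash_real");
    free(newenv);
    return 127;
}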
On Sep 28, 2014, at 12:08 PM, Carl Ketterling <
email@hidden> wrote:
I think you’ll need to be more specific. Bash was updated as recently as late last night ( https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/ ). For the initial vulnerability, several places on the Internet detail how to build your own. That leaves another vulnerability still unfixed, though:
env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
Carl
From: David Emery <email@hidden>
Date: Sun, 28 Sep 2014 13:04:06 -0400
To: Fed Talk <email@hidden>
Subject: [Fed-Talk] Has anyone built a patched Bash for 10.6?
If so, can I get a copy?
thanks dave
-----
David Emery, 703 298 3473 (c) 571 529 6445 (speakerphone)