• Shellshock Fix for Mac

    Recently there was a security flaw discovered in bash. It’s called “Shellshock”. I colleague circulated how to fix so I am posting it.¬†This is for folks on a Mac. If you are unsure if you are vulnerable to begin with follow these steps:

    1. Open Terminal

    2. Paste this and hit return: env x='() { :;}; echo vulnerable’ bash -c ‘echo hello’

    3. If your terminal says vulnerable then need to follow the next steps. Paste each line in order one after each other:

    mkdir bash-fix
    cd bash-fix
    curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf –
    cd bash-92/bash-3.2
    curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
    curl http://alblue.bandlem.com/bash32-053.patch | patch -p0
    cd ..
    xcodebuild
    sudo cp /bin/bash /bin/bash.old
    sudo cp /bin/sh /bin/sh.old
    build/Release/bash –version # GNU bash, version 3.2.53(1)-release
    build/Release/sh –version # GNU bash, version 3.2.53(1)-release
    sudo cp build/Release/bash /bin
    sudo cp build/Release/sh /bin

    (H/T: @bradparbs)