Last Updated: February 25, 2016
· montanaflynn

Install shellshock patched bash from source

If you're using an old version of Ubuntu, or any other distro that is vulnerable to Shellshock and has no way to patch it, here is a shell script for you.

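#!/bin/sh
#
# Build GNU bash 4.3 from source with every published upstream patch applied,
# then install it over /bin/bash (configure --prefix=/) and copy the result to
# /usr/local/bin/bash.
#
# Environment:
#   GNU_KEYRING  optional absolute path to a GnuPG keyring that holds the bash
#                maintainer's public key. When set, the tarball and every
#                patch are checked with gpgv against their detached .sig files
#                before anything is built. When unset, the downloads are
#                protected only by wget's HTTPS checks and a warning is shown.
#
# The install step runs as root, so every earlier step aborts on the first
# error instead of carrying on with a partial or unpatched tree.

set -eu

BASE_URL=https://ftp.gnu.org/gnu/bash
TARBALL=bash-4.3.tar.gz

# Print a message on stderr and stop.
die() {
    echo "$*" >&2
    exit 1
}

# verify FILE URL: when GNU_KEYRING is set, fetch URL.sig and check FILE
# against it; otherwise do nothing.
verify() {
    [ -n "${GNU_KEYRING:-}" ] || return 0
    wget "$2.sig" || die "Could not download signature for $1"
    gpgv --keyring "$GNU_KEYRING" "$1.sig" "$1" \
        || die "Signature check failed for $1"
}

if ! command -v gcc >/dev/null 2>&1; then
    echo "Your system does not have the GNU gcc complier installed."
    echo "Please install the gcc complier and then run this script again."
    exit 1
fi
for tool in wget tar patch make; do
    command -v "$tool" >/dev/null 2>&1 || die "Required tool not found: $tool"
done
if [ -n "${GNU_KEYRING:-}" ]; then
    command -v gpgv >/dev/null 2>&1 || die "GNU_KEYRING is set but gpgv is not installed."
else
    echo "Warning: GNU_KEYRING is not set; downloads will not be signature-checked." >&2
fi

echo "Creating tmp folder..."
# A fixed name such as /tmp/bash can be pre-created by another local user, who
# could then plant files that end up in a root-installed shell. mktemp gives a
# fresh, private directory instead.
workdir=$(mktemp -d "${TMPDIR:-/tmp}/bash-build.XXXXXX") || die "mktemp failed"
cleanup() {
    cd /
    # Best effort: files created during 'sudo make install' may be root-owned.
    rm -rf -- "$workdir" 2>/dev/null || true
}
trap cleanup EXIT
cd "$workdir"

echo "Downloading Bash..."
wget "$BASE_URL/$TARBALL" || die "Could not download $TARBALL"
verify "$TARBALL" "$BASE_URL/$TARBALL"

echo "Downloading Bash patches..."
i=0
while :; do
    i=$((i + 1))
    name=$(printf 'bash43-%03d' "$i")
    rc=0
    wget "$BASE_URL/bash-4.3-patches/$name" || rc=$?
    case $rc in
        0)
            verify "$name" "$BASE_URL/bash-4.3-patches/$name"
            ;;
        8)
            # wget exit 8: the server answered with an error (e.g. 404), which
            # is how the end of the patch series shows up.
            break
            ;;
        *)
            # Anything else (DNS, TLS, timeout...) must not be mistaken for
            # "no more patches": that would silently build a bash that is
            # missing later fixes. Note: wget older than 1.12 reports every
            # failure as 1 and will therefore stop here.
            die "Download of $name failed (wget exit $rc); refusing to build a partially patched bash."
            ;;
    esac
done
[ "$i" -gt 1 ] || die "No patches could be downloaded; refusing to build unpatched bash 4.3."

echo "Extracting bash from tar.gz..."
tar zxvf "$TARBALL"
cd bash-4.3

echo "Applying Patches..."
# The glob expands in sorted order, so patches are applied 001, 002, ...
for p in ../bash43-[0-9][0-9][0-9]; do
    patch -p0 < "$p" || die "Patch $p did not apply cleanly."
done

echo "Ready to install. Configuring..."
./configure --prefix=/
echo "Running make"
make
echo "Running make install"
# id -u works under plain sh and when $USER is unset (cron, containers).
if [ "$(id -u)" -eq 0 ]; then
    make install
    cp /bin/bash /usr/local/bin/bash
else
    sudo make install
    sudo cp /bin/bash /usr/local/bin/bash
fi

# The last number in the reported version is the patch level that was built.
/bin/bash --version | head -n 1
echo "Open bash to verify no longer vulnerable"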