How to pach bash for shellshock on osx

osx_shellshock_fix

## Patching bash on OSX or Linux by [email protected]
##
## Note 1: You need XCode dev tools (or at least the command line build tools) for this to work.
##         If you are on OSX mavericks you can install these with: xcode-select --install
##
## Note 2: Run this as root! (type "sudo su" to become root.. Your prompt will change from $ to #)

# 1. Download the Bash 4.3 source with patches bash43-001 through bash43-026 applied
cd /usr/local
mkdir src # this will fail if you already have /usr/local/src, that's OK
cd src
curl -O http://phishy.biz/bash-4.3-p026.tar.gz
tar xzvf bash-4.3-p026.tar.gz 
# OR, download bash 4.3 yourself from: https://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
# then the 26 patches from: https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
# then apply each patch with patch -p0 < bash43-xxx

# 2. Build a new bash and install it to /usr/local/bin/bash
cd bash-4.3
./configure && make install

# 3. Now move the old old vulnerable versions out of the way and make them un-runnable
# then copy /usr/local/bin/bash as /bin/bash and /bin/sh
cd /bin
if [ -f /usr/local/bin/bash ] 
  then
    mv bash bash.bad
    mv sh sh.bad 
    chmod 400 sh.bad bash.bad
    cp /usr/local/bin/bash sh
    chmod 555 sh
    cp /usr/local/bin/bash bash
    chmod 755 bash
  else
    echo "Something went wrong - there is no /usr/local/bin/bash to copy."
    echo "Your /bin/sh and /bin/bash remain vulnerable."
fi
# 4. Test you have 4.3.26 showing up as the version on both shells
bash --version
sh --version

Line 5: Assumes /usr/local/src exists already.
Line 16: I had to copy to each destination individually.

thx Tom, should both be fixed now