sgviking · August 29, 2015 14:07
diff --git a/bashup_manual.sh b/bashup_manual.sh
 #!/usr/bin/env bash

 # upgrade bash (from source) to
 # GNU bash, version 4.3.27(1)-release (x86_64-unknown-linux-gnu)
 # POC code: https://gist.github.com/sgviking/99f51a73665d8e52f50b

 mkdir bash-src
 cd bash-src

 # download/verify bash source
 wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
 wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz.sig
 gpg hackychecky  # hack to make sure config files exist
 gpg --recv-keys 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
 gpg --verify bash-4.3.tar.gz.sig || exit 1

 # download/verify patches 1-27
 for i in $(seq -f "%03g" 1 27); do
        wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i;
        wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i.sig;
        gpg --verify bash43-$i.sig || exit 1;
 done

 tar xf bash-4.3.tar.gz
 cd bash-4.3

 # apply all patches
 for i in $(seq -f "%03g" 1 27); do
        patch -p0 < ../bash43-$i;
 done

 bash_path="$(which bash)"
 prefix=${bash_path:0:${#bash_path}-8}

 selinux="$(command -v sestatus)"
 if [[ -n $selinux ]]; then
  selinux_status="$(sestatus -v | grep enforcing | grep Current)"
  if [[ -n $selinux_status ]]; then
    selinux_flag=1;
  else
    selinux_flag=0;
  fi
 else
  selinux_flag=0;
 fi

 if [[ $selinux_flag == 1 ]]; then setenforce 0; fi

 ./configure --prefix=$prefix && make && make install

 if [[ $selinux_flag == 1 ]]; then
  chcon -v --type=shell_exec_t $bash_path;
  setenforce 1;
 fi
	#!/usr/bin/env bash

	# upgrade bash (from source) to
	# GNU bash, version 4.3.27(1)-release (x86_64-unknown-linux-gnu)
	# POC code: https://gist.github.com/sgviking/99f51a73665d8e52f50b

	mkdir bash-src
	cd bash-src

	# download/verify bash source
	wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
	wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz.sig
	gpg hackychecky # hack to make sure config files exist
	gpg --recv-keys 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
	gpg --verify bash-4.3.tar.gz.sig \|\| exit 1

	# download/verify patches 1-27
	for i in $(seq -f "%03g" 1 27); do
	wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i;
	wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i.sig;
	gpg --verify bash43-$i.sig \|\| exit 1;
	done

	tar xf bash-4.3.tar.gz
	cd bash-4.3

	# apply all patches
	for i in $(seq -f "%03g" 1 27); do
	patch -p0 < ../bash43-$i;
	done

	bash_path="$(which bash)"
	prefix=${bash_path:0:${#bash_path}-8}

	selinux="$(command -v sestatus)"
	if [[ -n $selinux ]]; then
	selinux_status="$(sestatus -v \| grep enforcing \| grep Current)"
	if [[ -n $selinux_status ]]; then
	selinux_flag=1;
	else
	selinux_flag=0;
	fi
	else
	selinux_flag=0;
	fi

	if [[ $selinux_flag == 1 ]]; then setenforce 0; fi

	./configure --prefix=$prefix && make && make install

	if [[ $selinux_flag == 1 ]]; then
	chcon -v --type=shell_exec_t $bash_path;
	setenforce 1;
	fi