Update Bash to 3.2.54(1) on Apple Mac OS X 10.9.5

Since Apple hasn’t yet released a security update for the “Shellshock” vulnerability [1] for Mavericks 10.9.5, this guide will help you properly patch bash.
NOTE: This guide has been updated since the 3.2.52 patch did not completely remove the vulnerability.

Check your bash version

/bin/bash --version

If your version is lower than 3.2.51, you are most likely vulnerable.

Test for vulnerability
In your terminal type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

You are vulnerable if the output in your shell is this:

vulnerable
this is a test

How to fix
If you don’t have wget, you’re going to want it eventually anyway. There are many ways to install it. I use Homebrew.

brew install wget

Get the latest version of bash

mkdir ~/bash && cd ~/bash
wget http://opensource.apple.com/tarballs/bash/bash-92.tar.gz

Extract it

tar zxvf bash-92.tar.gz

Apply patches

cd bash-92 && cd bash-3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-054 | patch -p0

Build it

cd ..
xcodebuild

Check version of newly built bash

~/bash/bash-92/build/Release/bash --version

Should be 3.2.54(1)

Install it

sudo mv /bin/bash /bin/bash.old
sudo mv /bin/sh /bin/sh.old
sudo chmod 0000 /bin/bash.old
sudo chmod 0000 /bin/sh.old
sudo cp ~/bash/bash-92/build/Release/bash /bin/
sudo cp ~/bash/bash-92/build/Release/sh /bin/

Quit terminal and open a new bash session.

Check your bash version

/bin/bash --version

Confirm by testing again

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Console output should be

this is a test
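
As an added example (not part of the original guide): the test above runs whichever `bash` comes first on PATH, while the install step replaces both /bin/bash and /bin/sh. This script runs the same probe against each binary by explicit path, so the fresh build can be checked before installing and both system shells afterwards; the function names are this example's own and the default paths are assumed to be the ones used above.

```shell
#!/bin/sh
# Added example: run the guide's CVE-2014-6271 probe against explicit binaries.
# Function names are this example's own; default paths are those used in the guide.

# Extract "3.2.54" from a `--version` first line; prints nothing if no match.
parse_bash_version() {
    printf '%s\n' "$1" | sed -n '1s/.*version \([0-9][0-9.]*\).*/\1/p'
}

# Classify the text printed by the probe command.
classify_probe_output() {
    case $1 in
        *vulnerable*) echo vulnerable ;;  # the injected command ran
        *probe*)      echo patched ;;     # only the intended command ran
        *)            echo unknown ;;     # the shell produced no usable output
    esac
}

# Probe one binary by path instead of whatever `bash` resolves to on PATH.
shellshock_status() {
    bin=$1
    [ -x "$bin" ] || { echo missing; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo probe' 2>/dev/null) || true
    classify_probe_output "$out"
}

# Report version and status for each shell the guide builds or replaces.
audit_shells() {
    [ $# -gt 0 ] || set -- "$HOME/bash/bash-92/build/Release/bash" \
        "$HOME/bash/bash-92/build/Release/sh" /bin/bash /bin/sh
    for bin in "$@"; do
        st=$(shellshock_status "$bin")
        line=$("$bin" --version 2>/dev/null | head -n 1) || true
        ver=$(parse_bash_version "$line")
        printf '%-45s %-8s %s\n' "$bin" "${ver:-?}" "$st"
    done
}

audit_shells "$@"
```

Run it once after the build step and again after the install step; every line should read `patched`, and the two bash entries should show 3.2.54.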

[1]: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

Heartbleed Test

Are you scared to use the internets now because you are unsure what websites are affected by the Heartbleed bug? If so, here is a bookmarklet that will check the current website you are on for the vulnerability. Just drag the button into your toolbar to use on any site you want. If you see an error message, it is probably because you are not viewing the site over SSL. Try changing from http to https in the address bar.


Test site for Heartbleed

Thanks go to filippo.io for creating the backend and for the idea.

Checkbox 2

I was walking home from work recently and overheard someone talking about checkboxes. This presented an idea: what tools are available for making checkboxes styleable in a more cross-browser fashion?

A jQuery plugin that will take normal checkbox elements and make them styleable.

GitHub links as soon as I create a branch.

MIT License

Copyright © 2012 Rob Moen

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.