From 12a47659f72f01cb852f5730362b8c5e9a82353c Mon Sep 17 00:00:00 2001
From: corwin
Date: Thu, 30 Apr 2026 13:45:36 -0500
Subject: [PATCH] reference website, add set -x
Thanks to #emacs user kiliro for suggesting it would be wise to mention https://copy.fail in the script that detects and attempts to patch for it. Change will add some meaningful top-natter, improve other comments, say thanks, enable command logging while the script runs.
---
 fix-copy-fail.sh | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/fix-copy-fail.sh b/fix-copy-fail.sh
index ad4b09a..693252b 100644
--- a/fix-copy-fail.sh
+++ b/fix-copy-fail.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/sh
+# fix-copy-fail.sh - harden vs CVE-2026-31431, see: https://copy.fail
 # Copyright (c) 2026 Corwin Brust
 #
 # This program is free software: you can redistribute it and/or modify
@@ -13,14 +14,28 @@
 # along with this program. If not, see .
 #
+#
+# According to the website https://copy.fail (20262431@1pZ-5)
+# CVE-2026-31431 enables privlage escalation via exploitation
+# of a defect in the linux kernel intended to support a rarely
+# used (but typically enabled) kernel model, "algif_aead".
+#
+# This script grew from walking several dozen apt(1) virtual machines
+# and beneifited greatly from "peer" review and/or comments from the
+# FSF SYSOPS, irc://libera.chat/#emacs and other nerds/activists. thx
+#
+
+# more output. output is good.
+set -x
+
 # Delete the test user if it exists
+grep '^testu ' /etc/passwd && deluser testu;
 # NOTE: this make the script repeatable however
 # it will still abandon the 'testu' account
 #
 # To remove the test account after patching:
 # deluser testu
 #
-grep '^testu ' /etc/passwd && deluser testu;
 # Note this may not work all in one shot
 # due to the exploit screwing with the kernel
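Review bot: The relocated `grep '^testu ' /etc/passwd && deluser testu;` line in the second hunk will not match a standard passwd entry, because the fields are separated by `:` while the pattern requires a space after the name, so a leftover `testu` account is never deleted and the repeatable re-run the comment promises does not work. Anchor on the delimiter and suppress the matched line, e.g. `grep -q '^testu:' /etc/passwd && deluser testu` (or `getent passwd testu >/dev/null && deluser testu`). With `set -x` now on for the whole run, every later command is echoed to stderr with its expanded arguments; the script continues outside this hunk, so if a later step sets a password or otherwise handles a credential for `testu`, bracket it with `set +x` / `set -x`. The new header comment also has typos worth fixing in the same pass: "privlage" → "privilege", "beneifited" → "benefited", and "kernel model" presumably means "kernel module".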